Seasonality in Vulnerability Discovery in Major Software Systems
暂无分享,去创建一个
Prediction of vulnerability discovery rates can be used to assess security risks and to determine the resources needed to develop patches quickly to handle vulnerabilities discovered. An examination of the vulnerability data suggests a seasonal behavior that has not been modeled by the recently proposed vulnerability discovery models. This seasonality has not been identified or examined so far. This study examines whether vulnerability discovery rates for Windows NT, IIS Server and the Internet Explorer exhibit a significant annual seasonal pattern. Actual data has been analyzed using seasonal index and auto correlation function approaches to identify seasonality and to evaluate its statistical significance. The results for the three software systems show that there is indeed a significant annual seasonal pattern.
[1] J. M. García,et al. A statistical analysis of the seasonality in pulmonary tuberculosis , 2000, European Journal of Epidemiology.
[2] Burce L Bowerman,et al. Time series forecasting: unified concepts and computer implementation , 1986 .
[3] Yashwant K. Malaiya,et al. Application of Vulnerability Discovery Models to Major Operating Systems , 2008, IEEE Transactions on Reliability.