Increasing Software Security through Open Source or Closed Source Development? Empirics Suggest that We have Asked the Wrong Question
暂无分享,去创建一个
[1] Eric S. Raymond,et al. The cathedral and the bazaar - musings on Linux and Open Source by an accidental revolutionary , 2001 .
[2] William A. Arbaugh,et al. IEEE 52 Computer , 1985 .
[3] Jesus M. Gonzalez-Barahona. Free Software / Open Source: Information Society Opportunities for Europe? , 2000 .
[4] Ross J. Anderson. Why information security is hard - an economic perspective , 2001, Seventeenth Annual Computer Security Applications Conference.
[5] Crispin Cowan,et al. Timing the Application of Security Patches for Optimal Uptime , 2002, LISA.
[6] Christian Payne,et al. On the security of open source software , 2002, Inf. Syst. J..
[7] A. Arora,et al. Impact of Vulnerability Disclosure and Patch Availability - An Empirical Analysis , 2004 .
[8] Paul Kavanagh,et al. The Open Source Definition , 2004 .
[9] R. Anderson. Open and Closed Systems Are Equivalent (that Is, in an Ideal World) , 2004 .
[10] Andy Ozment,et al. The Likelihood of Vulnerability Rediscovery and the Social Utility of Vulnerability Hunting , 2005, WEIS.
[11] Eric Rescorla,et al. Is finding security holes a good idea? , 2005, IEEE Security & Privacy.
[12] Eugene H. Spafford,et al. A Trend Analysis of Vulnerabilities , 2005 .
[13] Rahul Telang,et al. Competitive and Strategic Effects in the Timing of Patch Release , 2006, WEIS.
[14] Yashwant K. Malaiya,et al. AN ANALYSIS OF THE VULNERABILITY DISCOVERY PROCESS IN WEB BROWSERS , 2006 .
[15] Yashwant K. Malaiya,et al. Measuring and Enhancing Prediction Capabilities of Vulnerability Discovery Models for Apache and IIS HTTP Servers , 2006, 2006 17th International Symposium on Software Reliability Engineering.
[16] Jun Zhang,et al. Economics of Security Patch Management , 2006, WEIS.
[17] Bernhard Plattner,et al. Large-scale vulnerability analysis , 2006, LSAD '06.
[18] Yashwant K. Malaiya,et al. Assessing Vulnerabilities in Apache and IIS HTTP Servers , 2006, 2006 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing.
[19] Brian Fitzgerald,et al. Open and Closed Systems Are Equivalent (That Is, in an Ideal World) , 2007 .
[20] Indrajit Ray,et al. Measuring, analyzing and predicting security vulnerabilities in software systems , 2007, Comput. Secur..
[21] Chaim Fershtman,et al. Network Security: Vulnerabilities and Disclosure Policy , 2007, WEIS.
[22] Tyler Moore,et al. Information Security Economics - and Beyond , 2007, DEON.
[23] Dmitri Nizovtsev,et al. To Disclose or Not? An Analysis of Software User Behavior , 2006, Inf. Econ. Policy.
[24] Andreas Zeller,et al. Predicting vulnerable software components , 2007, CCS '07.
[25] Andy Ozment,et al. Improving vulnerability discovery models , 2007, QoP '07.
[26] Andy Ozment,et al. Improving Vulnerability Discovery Models Problems with De fi nitions and Assumptions , 2007 .
[27] Hao Xu,et al. Optimal Policy for Software Vulnerability Disclosure , 2008, Manag. Sci..
[28] Guido Schryen,et al. Open source vs. closed source software: towards measuring security , 2009, SAC '09.
[29] Michael Schwarz,et al. Half a Century of Public Software Institutions: Open Source as a Solution to Hold-Up Problem , 2009 .
[30] Guido Schryen,et al. Security of Open Source and Closed Source Software: An Empirical Comparison of Published Vulnerabilities , 2009, AMCIS.