论文信息 - Security Vulnerability and Patch Management in Electric Utilities: A Data-Driven Analysis

Security Vulnerability and Patch Management in Electric Utilities: A Data-Driven Analysis

This paper explores a real security vulnerability and patch management dataset from an electric utility in order to shed light on characteristics of the vulnerabilities that electric utility assets have and how they are remediated in practice. Specifically, it first analyzes the distribution of vulnerabilities over software, assets, and other metric. Then it analyzes how vulnerability features affect remediate actions.

Fengli Zhang | Qinghua Li

[1] Fabio Massacci,et al. Attack Potential in Impact and Complexity , 2017, ARES.

[2] Muhammad Zubair Shafiq,et al. A large scale exploratory analysis of software vulnerability life cycles , 2012, 2012 34th International Conference on Software Engineering (ICSE).

[3] Twittie Senivongse,et al. Security vulnerability assessment for software version upgrade , 2017, 2017 18th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD).

[4] Vern Paxson,et al. A Large-Scale Empirical Study of Security Patches , 2017, CCS.

[5] Ramayya Krishnan,et al. An Empirical Analysis of Software Vendors' Patch Release Behavior: Impact of Vulnerability Disclosure , 2010, Inf. Syst. Res..

[6] Bernhard Plattner,et al. Large-scale vulnerability analysis , 2006, LSAD '06.

[7] S M Monzur Murshed. An investigation of software vulnerabilities in open source software projects using data from publicly-available online sources. , 2017 .