Increasing software security through open source or closed source development? Empirics suggest that we have asked the wrong question

URN to cite this document:

urn:nbn:de:bvb:355-epub-212937 Copy

Schryen, Guido ; Eliot, Rich

Preview

PDF (299kB)

Date of publication of this fulltext: 27 Jun 2011 07:35

---

Details

Item type:	Conference or workshop item (UNSPECIFIED)
Date:	2010
Institutions:	Business, Economics and Information Systems > Institut für Wirtschaftsinformatik > Alumni or Retired Professors > Professur für Wirtschaftsinformatik (Prof. Dr. Guido Schryen)
Dewey Decimal Classification:	300 Social sciences > 330 Economics 000 Computer science, information & general works > 000 Generalities, Science
Status:	Published
Refereed:	Yes, this version has been refereed
Created at the University of Regensburg:	No
Item ID:	21293

Preview

Export bibliographical data

ASCII CitationAtomBibTeXData Cite XMLDataCite XML OAIDublin CoreEndNoteHTML CitationMETSMODSOpenAPCRDF+N-TriplesRDF+N3RDF+XMLReferReference ManagerSimple MetadataXMLxMetaDissPlus

---

Abstract

While many theoretical arguments against or in favor of open source and closed source software development have been presented, the empirical basis for the assessment of arguments and the development of models is still weak. Addressing this research gap, this paper presents the first comprehensive empirical investigation of published vulnerabilities and patches of 17 widely deployed open source ...

Abstract

While many theoretical arguments against or in favor of open source and closed source software development have been presented, the empirical basis for the assessment of arguments and the development of models is still weak. Addressing this research gap, this paper presents the first comprehensive empirical investigation of published vulnerabilities and patches of 17 widely deployed open source and closed source software packages, including operating systems, database systems, web browsers, email clients, and office systems. The empirical analysis uses comprehensive vulnerability data contained in the NIST National Vulnerability Database and a newly compiled data set of vulnerability patches. The results suggest that it is not the particular software development style that determines the severity of vulnerabilities and vendors’ patching behavior, but rather the specific application type and the policy of the particular development community, respectively.

---

---

Metadata last modified: 03 Jun 2018 03:41

Owner only: item control page

Download Statistics

Download Statistics

Download Statistics

Download Statistics

Downloads

Downloads per month over past year

More literature (via CORE)

More literature (via CORE)

More literature (via CORE)

More literature (via CORE)