An Empirical Analysis of Exploitation Attempts Based on Vulnerabilities in Open Source Software
Author
Abstract
For open source software, security attention frequently focuses on the discovery of vulnerabilities prior to release. The large number of diverse people who view the source code may find vulnerabilities before the software product is released. Therefore, open source software has the potential to be more secure than closed source software. Unfortunately, for vulnerabilities found after release, the benefits of having many viewers may now work against open source software security. Attackers may be more likely to exploit discovered vulnerabilities since they too can view the source code and can use it to learn the details of a weakness and how best to exploit it. I examine the diffusion of vulnerabilities in open source software compared with closed source software. Empirical analysis of two years of security alert data from intrusion detection systems indicates that open source software vulnerabilities are at greater risk of exploitation, diffuse more rapidly, and have a greater volume of exploitation attempts.
Similar resources
Security of open source and closed source software: An empirical comparison of published vulnerabilities
Reviewing literature on open source and closed source security reveals that the discussion is often determined by biased attitudes toward one of these development styles. The discussion specifically lacks appropriate metrics, methodology and hard data. This paper contributes to solving this problem by analyzing and comparing published vulnerabilities of eight open source software and nine close...
Vulnerabilities and Patches of Open Source Software: An Empirical Study
Software selection is an important consideration in managing the information security function. Open source software is touted by proponents as being robust to many of the security problems that seem to plague proprietary software. This study empirically investigates specific security characteristics of open source and proprietary operating system software. Software vulnerability data spanning ...
Commix: Detecting and exploiting command injection flaws
Command injections are prevalent to any application independently of its operating system that hosts the application or the programming language that the application itself is developed. The impact of command injection attacks ranges from loss of data confidentiality and integrity to unauthorized remote access to the system that hosts the vulnerable application. A prime example of a real, infamo...
VDC-Based Dynamic Code Analysis: Application to C Programs
Dynamic code analysis attempts to find errors or vulnerabilities while a program is executing on a real or virtual processor. The objective of dynamic analysis is to reduce debugging time by automatically pinpointing and informing on errors as they occur. The use of dynamic analysis tools can reduce the need for the developer to recreate the precise conditions under which an error, a vulnerabil...
Publication date: 2010