An Empirical Analysis of Exploitation Attempts Based on Vulnerabilities in Open Source Software

For open source software, security attention frequently focuses on the discovery of vulnerabilities prior to release. The large number of diverse people who view the source code may find vulnerabilities before the software product is release. Therefore, open source software has the potential to be more secure than closed source software. Unfortunately, for vulnerabilities found after release, the benefits of many having viewers may now work against open source software security. Attackers may be more likely to exploit discovered vulnerabilities since they too can view the source code and can use it to learn the details of a weakness and how best to exploit it. I examine the diffusion of vulnerabilities in open source software compared with closed source software. Empirical analysis of two years of security alert data from intrusion detection systems indicates that open source software vulnerabilities are at greater risk of exploitation, diffuse more rapidly, and have greater volume of exploitation attempts.