Publication | Closed Access
Windows of vulnerability: a case study analysis
Citations: 263
References: 0
Year: 2000
Topics: Engineering, Information Security, Software Engineering, Software Analysis, Vulnerability Analysis, Hardware Security, Security Modelling, Vulnerability Assessment (Computing), Reliability Engineering, Systems Engineering, System Vulnerabilities, Threat (Computer), Secure By Design, Computer Science, Case Study Analysis, Life Cycle Model, Software Design, Software Security, Program Analysis, Software Testing, Security, Security Measurement, Threat Model, Case Studies
The authors propose a life cycle model for system vulnerabilities, then apply it to three case studies to reveal how systems often remain vulnerable long after security fixes are available. For each case, we provide background information about the vulnerability, such as how attackers exploited it and which systems were affected. We then tie the case to the life-cycle model by identifying the dates for each state within the model. Finally, we use a histogram of reported intrusions to show the life of the vulnerability, and we conclude with an analysis specific to the particular vulnerability.