{"title":"开源和闭源软件厂商补丁行为的综合对比分析","authors":"G. Schryen","doi":"10.1109/IMF.2009.15","DOIUrl":null,"url":null,"abstract":"While many theoretical arguments against or in favor of open source and closed source software development have been presented, the empirical basis for the assessment of arguments is still weak. Addressing this research gap, this paper presents a comprehensive empirical investigation of the patching behavior of software vendors/communities of widely deployed open source and closed source software packages, including operating systems, database systems, web browsers, email clients, and office systems. As the value of any empirical study relies on the quality of data available, this paper also discusses in detail data issues, explains to what extent the empirical analysis can be based on vulnerability data contained in the NIST National Vulnerability Database, and shows how data on vulnerability patches was collected by the author to support this study. The results of the analysis suggest that it is not the particular software development style that determines patching behavior, but rather the policy of the particular software vendor.","PeriodicalId":370893,"journal":{"name":"2009 Fifth International Conference on IT Security Incident Management and IT Forensics","volume":"70 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-09-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"27","resultStr":"{\"title\":\"A Comprehensive and Comparative Analysis of the Patching Behavior of Open Source and Closed Source Software Vendors\",\"authors\":\"G. Schryen\",\"doi\":\"10.1109/IMF.2009.15\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"While many theoretical arguments against or in favor of open source and closed source software development have been presented, the empirical basis for the assessment of arguments is still weak. Addressing this research gap, this paper presents a comprehensive empirical investigation of the patching behavior of software vendors/communities of widely deployed open source and closed source software packages, including operating systems, database systems, web browsers, email clients, and office systems. As the value of any empirical study relies on the quality of data available, this paper also discusses in detail data issues, explains to what extent the empirical analysis can be based on vulnerability data contained in the NIST National Vulnerability Database, and shows how data on vulnerability patches was collected by the author to support this study. The results of the analysis suggest that it is not the particular software development style that determines patching behavior, but rather the policy of the particular software vendor.\",\"PeriodicalId\":370893,\"journal\":{\"name\":\"2009 Fifth International Conference on IT Security Incident Management and IT Forensics\",\"volume\":\"70 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-09-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"27\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 Fifth International Conference on IT Security Incident Management and IT Forensics\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IMF.2009.15\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 Fifth International Conference on IT Security Incident Management and IT Forensics","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IMF.2009.15","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A Comprehensive and Comparative Analysis of the Patching Behavior of Open Source and Closed Source Software Vendors
While many theoretical arguments against or in favor of open source and closed source software development have been presented, the empirical basis for the assessment of arguments is still weak. Addressing this research gap, this paper presents a comprehensive empirical investigation of the patching behavior of software vendors/communities of widely deployed open source and closed source software packages, including operating systems, database systems, web browsers, email clients, and office systems. As the value of any empirical study relies on the quality of data available, this paper also discusses in detail data issues, explains to what extent the empirical analysis can be based on vulnerability data contained in the NIST National Vulnerability Database, and shows how data on vulnerability patches was collected by the author to support this study. The results of the analysis suggest that it is not the particular software development style that determines patching behavior, but rather the policy of the particular software vendor.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
