The authors propose a life-cycle model for system vulnerabilities and apply it to three case studies to show how systems remain vulnerable long after security fixes are available. Complex information and communication systems give rise to design, implementation, and management errors, each of which can leave a vulnerability in an information technology product that allows security policy violations.

Using their vulnerability life-cycle model, the authors present a case study analysis of specific computer vulnerabilities. For each case, they provide background information about the vulnerability, such as how attackers exploited it and which systems were affected. They tie the case to the life-cycle model by identifying the dates at which the vulnerability entered each state of the model. Finally, they use a histogram of reported intrusions to show the life of the vulnerability and conclude with an analysis specific to that vulnerability.