An empirical study of operating systems errors
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
Is Finding Security Holes a Good Idea?
IEEE Security and Privacy
Is Finding Security Holes a Good Idea?
IEEE Security and Privacy
Economics of Software Vulnerability Disclosure
IEEE Security and Privacy
Improving vulnerability discovery models
Proceedings of the 2007 ACM workshop on Quality of protection
Predicting vulnerable software components
Proceedings of the 14th ACM conference on Computer and communications security
Vulnerability analysis for a quantitative security evaluation
ESEM '09 Proceedings of the 2009 3rd International Symposium on Empirical Software Engineering and Measurement
Optimal security patch release timing under non-homogeneous vulnerability-discovery processes
ISSRE'09 Proceedings of the 20th IEEE international conference on software reliability engineering
Which is the right source for vulnerability studies?: an empirical analysis on Mozilla Firefox
Proceedings of the 6th International Workshop on Security Measurements and Metrics
Security impact ratings considered harmful
HotOS'09 Proceedings of the 12th conference on Hot topics in operating systems
Proceedings of the 2010 workshop on New security paradigms
After-life vulnerabilities: a study on firefox evolution, its vulnerabilities, and fixes
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
A learning-based approach to reactive security
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
An idea of an independent validation of vulnerability discovery models
ESSoS'12 Proceedings of the 4th international conference on Engineering Secure Software and Systems
A large scale exploratory analysis of software vulnerability life cycles
Proceedings of the 34th International Conference on Software Engineering
An historical examination of open source releases and their vulnerabilities
Proceedings of the 2012 ACM conference on Computer and communications security
Before we knew it: an empirical study of zero-day attacks in the real world
Proceedings of the 2012 ACM conference on Computer and communications security
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
An empirical study of vulnerability rewards programs
SEC'13 Proceedings of the 22nd USENIX conference on Security
Markets for zero-day exploits: ethics and implications
Proceedings of the 2013 workshop on New security paradigms workshop
| Hi-index | 0.00 |
Despite the large amount of effort that goes toward finding and patching security holes, the available data does not show a clear improvement in software quality as a result.