---
_id: '5647'
abstract:
- lang: eng
  text: Reviewing literature on open source and closed source security reveals that
    the discussion is often determined by biased attitudes toward one of these development
    styles. The discussion specifically lacks appropriate metrics, methodology and
    hard data. This paper contributes to solving this problem by analyzing and comparing
    published vulnerabilities of eight open source software and nine closed source
    software packages, all of which are widely deployed. Thereby, it provides an extensive
    empirical analysis of vulnerabilities in terms of mean time between vulnerability
    disclosures, the development of disclosure over time, and the severity of vulnerabilities,
    and allows for validating models provided in the literature. The investigation
    reveals that (a) the mean time between vulnerability disclosures was lower for
    open source software in half of the cases, while the other cases show no differences,
    (b) in contrast to literature assumption, 14 out of 17 software packages showed
    a significant linear or piecewise linear correlation between time and the number
    of published vulnerabilities, and (c) regarding the severity of vulnerabilities,
    no significant differences were found between open source and closed source.
author:
- first_name: Guido
  full_name: Schryen, Guido
  id: '72850'
  last_name: Schryen
citation:
  ama: 'Schryen G. Security of open source and closed source software: An empirical
    comparison of published vulnerabilities. In: 15th Americas Conference on Information
    Systems. ; 2009.'
  apa: 'Schryen, G. (2009). Security of open source and closed source software: An
    empirical comparison of published vulnerabilities. In 15th Americas Conference
    on Information Systems.'
  bibtex: '@inproceedings{Schryen_2009, title={Security of open source and closed
    source software: An empirical comparison of published vulnerabilities}, booktitle={15th
    Americas Conference on Information Systems}, author={Schryen, Guido}, year={2009}
    }'
  chicago: 'Schryen, Guido. “Security of Open Source and Closed Source Software: An
    Empirical Comparison of Published Vulnerabilities.” In 15th Americas Conference
    on Information Systems, 2009.'
  ieee: 'G. Schryen, “Security of open source and closed source software: An empirical
    comparison of published vulnerabilities,” in 15th Americas Conference on Information
    Systems, 2009.'
  mla: 'Schryen, Guido. “Security of Open Source and Closed Source Software: An Empirical
    Comparison of Published Vulnerabilities.” 15th Americas Conference on Information
    Systems, 2009.'
  short: 'G. Schryen, in: 15th Americas Conference on Information Systems, 2009.'
date_created: 2018-11-14T14:41:24Z
date_updated: 2022-01-06T07:02:19Z
ddc:
- '000'
department:
- _id: '277'
extern: '1'
file:
- access_level: open_access
  content_type: application/pdf
  creator: hsiemes
  date_created: 2018-12-18T13:16:39Z
  date_updated: 2018-12-18T13:16:39Z
  file_id: '6317'
  file_name: Security of Open Source and Closed Source Software An Empirical - AMCIS
    Version.pdf
  file_size: 483690
  relation: main_file
file_date_updated: 2018-12-18T13:16:39Z
has_accepted_license: '1'
keyword:
- Vulnerabilities
- security
- open source software
- closed source software
- empirical comparison
language:
- iso: eng
oa: '1'
publication: 15th Americas Conference on Information Systems
status: public
title: 'Security of open source and closed source software: An empirical comparison
  of published vulnerabilities'
type: conference
user_id: '61579'
year: '2009'
...