--- _id: '5647' abstract: - lang: eng text: Reviewing literature on open source and closed source security reveals that the discussion is often determined by biased attitudes toward one of these development styles. The discussion specifically lacks appropriate metrics, methodology and hard data. This paper contributes to solving this problem by analyzing and comparing published vulnerabilities of eight open source software and nine closed source software packages, all of which are widely deployed. Thereby, it provides an extensive empirical analysis of vulnerabilities in terms of mean time between vulnerability disclosures, the development of disclosure over time, and the severity of vulnerabilities, and allows for validating models provided in the literature. The investigation reveals that (a) the mean time between vulnerability disclosures was lower for open source software in half of the cases, while the other cases show no differences, (b) in contrast to literature assumption, 14 out of 17 software packages showed a significant linear or piecewise linear correlation between time and the number of published vulnerabilities, and (c) regarding the severity of vulnerabilities, no significant differences were found between open source and closed source. author: - first_name: Guido full_name: Schryen, Guido id: '72850' last_name: Schryen citation: ama: 'Schryen G. Security of open source and closed source software: An empirical comparison of published vulnerabilities. In: 15th Americas Conference on Information Systems. ; 2009.' apa: 'Schryen, G. (2009). Security of open source and closed source software: An empirical comparison of published vulnerabilities. In 15th Americas Conference on Information Systems.' bibtex: '@inproceedings{Schryen_2009, title={Security of open source and closed source software: An empirical comparison of published vulnerabilities}, booktitle={15th Americas Conference on Information Systems}, author={Schryen, Guido}, year={2009} }' chicago: 'Schryen, Guido. “Security of Open Source and Closed Source Software: An Empirical Comparison of Published Vulnerabilities.” In 15th Americas Conference on Information Systems, 2009.' ieee: 'G. Schryen, “Security of open source and closed source software: An empirical comparison of published vulnerabilities,” in 15th Americas Conference on Information Systems, 2009.' mla: 'Schryen, Guido. “Security of Open Source and Closed Source Software: An Empirical Comparison of Published Vulnerabilities.” 15th Americas Conference on Information Systems, 2009.' short: 'G. Schryen, in: 15th Americas Conference on Information Systems, 2009.' date_created: 2018-11-14T14:41:24Z date_updated: 2022-01-06T07:02:19Z ddc: - '000' department: - _id: '277' extern: '1' file: - access_level: open_access content_type: application/pdf creator: hsiemes date_created: 2018-12-18T13:16:39Z date_updated: 2018-12-18T13:16:39Z file_id: '6317' file_name: Security of Open Source and Closed Source Software An Empirical - AMCIS Version.pdf file_size: 483690 relation: main_file file_date_updated: 2018-12-18T13:16:39Z has_accepted_license: '1' keyword: - Vulnerabilities - security - open source software - closed source software - empirical comparison language: - iso: eng oa: '1' publication: 15th Americas Conference on Information Systems status: public title: 'Security of open source and closed source software: An empirical comparison of published vulnerabilities' type: conference user_id: '61579' year: '2009' ...