A comprehensive and comparative analysis of the patching behavior of open source and closed source software vendors

G. Schryen, in: 5th International Conference on IT Security Incident Management \& IT Forensics, 2009.

Download
OA Conference Version.pdf 594.30 KB
Conference Paper | English
Abstract
While many theoretical arguments against or in favor of open source and closed source software development have been presented, the empirical basis for the assessment of arguments is still weak. Addressing this research gap, this paper presents a comprehensive empirical investigation of the patching behavior of software vendors/communities of widely deployed open source and closed source software packages, including operating systems, database systems, web browsers, email clients, and office systems. As the value of any empirical study relies on the quality of data available, this paper also discusses in detail data issues, explains to what extent the empirical analysis can be based on vulnerability data contained in the NIST National Vulnerability Database, and shows how data on vulnerability patches was collected by the author to support this study. The results of the analysis suggest that it is not the particular software development style that determines patching behavior, but rather the policy of the particular software vendor.
Publishing Year
Proceedings Title
5th International Conference on IT Security Incident Management \& IT Forensics
LibreCat-ID

Cite this

Schryen G. A comprehensive and comparative analysis of the patching behavior of open source and closed source software vendors. In: 5th International Conference on IT Security Incident Management \& IT Forensics. ; 2009.
Schryen, G. (2009). A comprehensive and comparative analysis of the patching behavior of open source and closed source software vendors. In 5th International Conference on IT Security Incident Management \& IT Forensics.
@inproceedings{Schryen_2009, title={A comprehensive and comparative analysis of the patching behavior of open source and closed source software vendors}, booktitle={5th International Conference on IT Security Incident Management \& IT Forensics}, author={Schryen, Guido}, year={2009} }
Schryen, Guido. “A Comprehensive and Comparative Analysis of the Patching Behavior of Open Source and Closed Source Software Vendors.” In 5th International Conference on IT Security Incident Management \& IT Forensics, 2009.
G. Schryen, “A comprehensive and comparative analysis of the patching behavior of open source and closed source software vendors,” in 5th International Conference on IT Security Incident Management \& IT Forensics, 2009.
Schryen, Guido. “A Comprehensive and Comparative Analysis of the Patching Behavior of Open Source and Closed Source Software Vendors.” 5th International Conference on IT Security Incident Management \& IT Forensics, 2009.
All files available under the following license(s):
Copyright Statement:
This Item is protected by copyright and/or related rights. [...]
Main File(s)
File Name
Access Level
OA Open Access
Last Uploaded
2018-12-18T13:14:48Z


Export

Marked Publications

Open Data LibreCat

Search this title in

Google Scholar