DOI: 10.1109/ESEM.2009.5315985

An empirical study of security problem reports in Linux distributions

Published: 15 October 2009

Abstract

Existing studies on problem reports in open source projects focus primarily on the analysis of the general category of problem reports, or limit their attention to observations on the number of security problem reports. To evaluate the security of a project, it is necessary to know not only how many security problem reports are logged but also how many are reported and how promptly they are corrected, etc. In this paper, we study publicly disclosed security problem reports from eight releases of Fedora, nine releases of Ubuntu, four releases of RedHat Enterprise Linux (RHEL) and two releases of Suse Linux distributions, and analyse and discuss which types of problem reports are reported, how frequently they are reported, and how promptly they are corrected. Overall, Fedora and Suse show good results, with high and medium severity security problem reports resolved without a backlog. On the other hand, RHEL and Ubuntu show less positive results, with backlogs present.

Cited By

  • (2016) Reporting usability defects. Proceedings of the 20th International Conference on Evaluation and Assessment in Software Engineering, pages 1-10. DOI: 10.1145/2915970.2915995. Online publication date: 1-Jun-2016
  • (2012) A qualitative study on performance bugs. Proceedings of the 9th IEEE Working Conference on Mining Software Repositories, pages 199-208. DOI: 10.5555/2664446.2664477. Online publication date: 2-Jun-2012

Published In

ESEM '09: Proceedings of the 2009 3rd International Symposium on Empirical Software Engineering and Measurement
October 2009
601 pages
ISBN:9781424448425

Publisher

IEEE Computer Society

United States

Qualifiers

  • Article

Acceptance Rates

Overall Acceptance Rate 130 of 594 submissions, 22%
