The Sigmoidal Growth of Operating System Security Vulnerabilities: An Empirical Revisit

Jukka Ruohonen, Sami Hyrynsalmi, Ville Leppänen, The Sigmoidal Growth of Operating System Security Vulnerabilities: An Empirical Revisit. Computers and Security 55, 1–20, 2015.

http://dx.doi.org/10.1016/j.cose.2015.07.001

Abstract:

Purpose. Motivated by the calls for more replications, this paper evaluates a theoretical model for the sigmoidal growth of operating system security vulnerabilities by replicating and extending the existing empirical evidence. Approach. The paper investigates the growth of software security vulnerabilities by fitting the linear, logistic, and Gompertz growth models with nonlinear least squares to time series data that covers a number of operating system products from Red Hat and Microsoft. Results. Although the fitted models are not free of statistical problems, the empirical results show that a sigmoidal growth function can be used for descriptive purposes. The paper further shows that a sigmoidal trend applies also to the number of software faults that were fixed in the Red Hat products. Conclusion. The paper supports the contested theoretical growth model. The few discussed theoretical problems can be used to develop the model further.

BibTeX entry:

@ARTICLE{jRuHyLe15a,
  title = {The Sigmoidal Growth of Operating System Security Vulnerabilities: An Empirical Revisit},
  author = {Ruohonen, Jukka and Hyrynsalmi, Sami and Leppänen, Ville},
  journal = {Computers and Security},
  volume = {55},
  publisher = {Elsevier},
  pages = {1–20},
  year = {2015},
  keywords = {Software vulnerability; Growth curve; Gompertz; Replication; Operating system; Technology diffusion},
  ISSN = {1872-6208},
}

Belongs to TUCS Research Unit(s): Software Development Laboratory (SwDev)

Publication Forum rating of this publication: level 2