The availability of source code in relation to timely response to security vulnerabilities

Computers and Security

Volumn 22, Issue 8, 2003, Pages 707-724

  Reinke, John ^a   Saiedian, Hossein ^b  

^a SPRINT   (United States)

^b University of Kansas   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER NETWORKS; COMPUTER SOFTWARE; DATA COMMUNICATION SYSTEMS; ELECTRONIC MAIL; INTERNET; SERVERS;

INTERCONNECTED COMPUTERS; SOURCE CODE;

SECURITY OF DATA;

EID: 0345764830     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/S0167-4048(03)00011-7     Document Type: Article

References (14)

1. Littlewood, B. and Strigini, L., 2000. Software reliability and dependability: a roadmap', Proceedings of the International Conference On The Future of Software Engineering (Limerick, Ireland), pp. 175-188.
2. Cowarn, C., Pu, C. and Hinton, H., 1998. Death, taxes, and imperfect software: surviving the inevitable, Proceedings of the 1998 Workshop on New Security Paradigms (Charlottesville, VI, USA), pp.54-70.
3. Neumann, P.G., 1995. Computer Vulnerabilities: Exploitation of Avoidance, Communications of the ACM, Vol. 38, No. 6, p. 138.
4. Devanbu, P.T. and Stubblebine, S., 2000. Software engineering for security: A roadmap, Proceedings of the Conference on the Future of Software Engineering (Limerick, Ireland), pp. 227-239.
5. Garfinkel, S. and Spafford, G., 2003. Practical UNIX & Internet Security, 3rd edn (O'Reilly & Associates).
6. Pethia, R., Paller, A. and Spafford, G., 2000. Consensus Roadmap for Defeating Distributed Denial of Service Attacks. Members of CERT/CC at Carnegie Mellon University, The SANS Institute, and The Center for Education & Research in Information Assurance & Security (CERIAS) at Purdue University, respectively. http://www.sans.org/ddos`roadmap.htm.
7. Neumann, P.G., 2000. Robust Non-proprietary Software, Proceedings of the 2000 Symposium on Security and Privacy (IEEE Computer Society, Oakland, CA, USA), pp. 122-123.
8. Martin, W. B., White, P. D. and Van eet, W. M. 2000. Government, industry, and academia: Teaming to design high confidence information security applications, Proceedings of the Third Workshop on Formal Methods in Software Practice (Portland, OR, USA), pp. 37-47.
9. Neumann, P.G., 1998. Inside Risks: Robust Open-Source Software, Communications of the ACM, Vol. 41, No. 2, p. 128.
10. Stallman, R. M., 1994. Why Software Should Not Have Owners http://www.gnu.org/philosophy/why-free.html.
11. Rochilis, J. A. and Eichin, M. W., 1989. With microscope and tweezers: The worm from MIT's perspective, Communications of the ACM, Vol. 32, No. 6, pp. 689-698.
12. Spafford, E. H., 1989. Crisis and aftermath, Communications of the ACM, Vol. 32, No. 6, pp. 678-687.
13. CERT/CC staff, CERT/CC Statistics 1988-2002, last updated 4 October 2002, http://www.cert.org/stats.
14. CERT/CC staff, CERT/CC Vulnerability Disclosure Policy, 2000, http://www.kb.cert.org/vuls/html/disclosure.