首页|Vulnerability diffusions in software product networks
Vulnerability diffusions in software product networks
扫码查看
点击上方二维码区域,可以放大扫码查看
原文链接
NETL
NSTL
Wiley
During software product development, the combination of digital resources (such as application programming interfaces and software development kits) establishes loose and tight edges between nodes, which form a software product network (SPN). These edges serve as observable conduits that may help practitioners and researchers better understand how vulnerabilities diffuse through SPNs. We apply network theory to analyze data from over 12 years of records extracted from the National Vulnerability Database. We contribute novel measures established using machine learning to gauge the properties influencing vulnerability diffusion within an SPN. We observed an SPN having a discernable shape that changed over time via network updates. We propose hypotheses and find empirical evidence that vulnerability diffusion is influenced by edge dynamics, developer responses, and their interaction. Implications for practice are that increased developer responses reduce software vulnerability diffusion attributed to edge dynamics.
information securitydiffusion of software vulnerabilitydigital resourcesmachine learningnetwork theoryNode2Vecsoftware vulnerability
Martin Kang、Gary Templeton、SungYong Um
展开 >
Information Systems and Business Analytics, Loyola Marymount University, Los Angeles, California, USA
West Virginia University, Morgantown, West Virginia, USA
Department of Information Systems and Analytics, National University of Singapore, Singapore, Singapore
NETL
NSTL
Wiley
