An empirical study of security problem reports in Linux distributions

Author

Anbalagan, Prasanth ; Vouk, Mladen

Author_Institution

Dept. of Comput. Sci., North Carolina State Univ., Raleigh, NC, USA

fYear

2009

fDate

15-16 Oct. 2009

Firstpage

481

Lastpage

484

Abstract

Existing studies on problem reports in open source projects focus primarily on the analysis of the general category of problem reports, or limit their attention to observations on the number of security problem reports. To evaluate the security of a project, it is necessary to know not only how many security problem reports are logged but also how many are reported and how promptly they are corrected etc. In this paper, we study publicly disclosed security problem reports from eight releases of Fedora, nine releases of Ubuntu, four releases of RedHat Enterprise Linux (RHEL) and two releases of Suse Linux distributions, analyse and discuss which type of problem reports and how frequently they are reported, and how promptly they are corrected. Overall, Fedora and Suse show good results with high and medium severity security problem reports resolved without a backlog. On the other hand, RHEL and Ubuntu show less positive results with presence of backlogs.

Keywords

Linux; public domain software; security of data; statistical distributions; Fedora; RHEL; RedHat Enterprise Linux; Suse Linux distribution; Ubuntu; open source project; security problem report; Computer science; Computer security; Data security; Databases; Information security; Linux; National security; Software engineering; Software measurement; Statistics;

fLanguage

English

Publisher

ieee

Conference_Titel

Empirical Software Engineering and Measurement, 2009. ESEM 2009. 3rd International Symposium on

Conference_Location

Lake Buena Vista, FL

ISSN

1938-6451

Print_ISBN

978-1-4244-4842-5

Electronic_ISBN

1938-6451

Type

conf

DOI

10.1109/ESEM.2009.5315985

Filename

5315985