Analysis of Vulnerability Disclosure Delays from the National Vulnerability Database

Luis Gustavo Araujo Rodriguez; Julia Selvatici Trazzi; Victor Fossaluza; Rodrigo Campiolo; Daniel Macêdo Batista

Analysis of Vulnerability Disclosure Delays from the National Vulnerability Database

Luis Gustavo Araujo Rodriguez
Julia Selvatici Trazzi
Victor Fossaluza
Rodrigo Campiolo
Daniel Macêdo Batista

Resumo

The Internet contains vast amounts of data; consequently, hindering information retrieval. Resources, such as the National Vulnerability Database (NVD), have emerged to remedy this situation. Organizations largely depend on the NVD in order to disclose vulnerabilities and collaborate towards a solution. However, there has been evidence that other sources are disclosing vulnerabilities more efficiently and rapidly. The objective of this paper is to evaluate vulnerability disclosure delays from the NVD in order to state its efficiency. Among several findings, we observed that the majority of vulnerabilities are delayed within 1-7 days. Based on these results, we provide recommendations for those who currently rely only on NVD, such as IoT manufacturers and developers.

PDF (English)

Publicado

06/05/2018

Como Citar

Selecione um Formato

RODRIGUEZ, Luis Gustavo Araujo; TRAZZI, Julia Selvatici; FOSSALUZA, Victor; CAMPIOLO, Rodrigo; BATISTA, Daniel Macêdo. Analysis of Vulnerability Disclosure Delays from the National Vulnerability Database. In: WORKSHOP DE SEGURANÇA CIBERNÉTICA EM DISPOSITIVOS CONECTADOS (WSCDC), 1. , 2018, São José dos Campos. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2018 .