[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] [Research] Correlation of Patch Delivery Delay and Access Complexity

Hello all,

In context of my analysis of the delay between vulnerability disclosure (CVE release) and the release of a corresponding patch I am also analyzing the relation between the delay and various vulnerability characteristics.

The attached figure shows the relation between Access Complexity as used by NVD and defined in CVSS. The Y-Axis shows the average delay for each category (Low, Medium, High). The numbers on top of the bars show the number of vulnerabilities in the respective category.

I was hoping, that someone is able to help me explain the relation that can be seen in the figure. Why would a higher Access Complexity lead to longer patching delay? Or is the relation maybe just random and there is no actual connection between the two metrics?


Attachment: PatchingDelay_Xen.png
Description: PNG image

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.