[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] [Research] Correlation of Patch Delivery Delay and Access Complexity

To: xen-users@xxxxxxxxxxxxx
From: Stefan GeiÃler <info@xxxxxxxxxxxxxxxxxxx>
Date: Sat, 26 Sep 2015 11:29:53 +0200
Delivery-date: Sat, 26 Sep 2015 09:31:15 +0000
List-id: Xen user discussion <xen-users.lists.xen.org>

Hello all,

In context of my analysis of the delay between vulnerability disclosure(CVE release) and the release of a corresponding patch I am alsoanalyzing the relation between the delay and various vulnerabilitycharacteristics.

The attached figure shows the relation between Access Complexity as usedby NVD and defined in CVSS. The Y-Axis shows the average delay for eachcategory (Low, Medium, High). The numbers on top of the bars show thenumber of vulnerabilities in the respective category.

I was hoping, that someone is able to help me explain the relation thatcan be seen in the figure. Why would a higher Access Complexity lead tolonger patching delay? Or is the relation maybe just random and there isno actual connection between the two metrics?


Stefan

Attachment: PatchingDelay_Xen.png
Description: PNG image

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users

Follow-Ups:
- Re: [Xen-users] [Research] Correlation of Patch Delivery Delay and Access Complexity
  - From: George Dunlap

Prev by Date: Re: [Xen-users] installing xen tools
Next by Date: [Xen-users] Non readable output with XEN 4.4.3 serial console
Previous by thread: [Xen-users] installing xen tools
Next by thread: Re: [Xen-users] [Research] Correlation of Patch Delivery Delay and Access Complexity
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.