Re: [Xen-users] [Research] Correlation of Patch Delivery Delay and Access Complexity
On Sat, Sep 26, 2015 at 10:29 AM, Stefan Geißler <info@xxxxxxxxxxxxxxxxxxx> wrote:
> Hello all,
>
> In context of my analysis of the delay between vulnerability disclosure (CVE
> release) and the release of a corresponding patch I am also analyzing the
> relation between the delay and various vulnerability characteristics.
>
> The attached figure shows the relation between Access Complexity as used by
> NVD and defined in CVSS. The Y-Axis shows the average delay for each
> category (Low, Medium, High). The numbers on top of the bars show the number
> of vulnerabilities in the respective category.
>
> I was hoping that someone is able to help me explain the relation that can
> be seen in the figure. Why would a higher Access Complexity lead to longer
> patching delay? Or is the relation maybe just random and there is no actual
> connection between the two metrics?

First of all, since this question is presumably addressed to the Xen developers, it would probably better be asked on xen-devel.

But to get you a better response there: I don't really have a very clear idea what you're actually measuring here. What exactly is the "CVE release" date? And what do you count as "release of a corresponding patch"?

You also use a lot of acronyms (NVD, CVSS) without defining what they mean or giving any references to them.

Finally, you ask about your graph, but you haven't given us any information about the data that's fed into the graph. Which XSAs are you talking about? Which ones fall into which category? That would be much more useful in helping people answer this kind of question.

-George

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users