Familiarity breeds contempt: the honeymoon effect and the role of legacy code in zero-day vulnerabilities

@inproceedings{Clark2010FamiliarityBC,
  title={Familiarity breeds contempt: the honeymoon effect and the role of legacy code in zero-day vulnerabilities},
  author={Sandy Clark and Stefan Frei and Matt Blaze and James MacGregor Smith},
  booktitle={ACSAC},
  year={2010}
}
Work on security vulnerabilities in software has primarily focused on three points in the software life-cycle: (1) finding and removing software defects, (2) patching or hardening software after vulnerabilities have been discovered, and (3) measuring the rate of vulnerability exploitation. This paper examines an earlier period in the software vulnerability life-cycle, starting from the release date of a version through to the disclosure of the fourth vulnerability, with a particular focus on…

Citations

Publications citing this paper.
SHOWING 1-10 OF 34 CITATIONS

Moving Targets: Security and Rapid-Release in Firefox

  • ACM Conference on Computer and Communications Security
  • 2014
CITES RESULTS & BACKGROUND

Predicting and Fixing Vulnerabilities before They Occur: A Big Data Approach

  • 2016 IEEE/ACM 2nd International Workshop on Big Data Software Engineering (BIGDSE)
  • 2016
CITES BACKGROUND
HIGHLY INFLUENCED

Reactive and Adaptive Security Monitoring in Cloud Computing

  • 2018 IEEE 3rd International Workshops on Foundations and Applications of Self* Systems (FAS*W)
  • 2018
CITES BACKGROUND

References

Publications referenced by this paper.
SHOWING 1-4 OF 4 REFERENCES

Milk or Wine: Does Software Security Improve with Age?

  • USENIX Security Symposium
  • 2006
HIGHLY INFLUENTIAL

Windows 7 vulnerable to 8 out of 10 viruses

Chester Wisniewski
  • http://www.sophos.com/blogs/chetw/g/
  • 2009
HIGHLY INFLUENTIAL

Modeling the vulnerability discovery process

  • 16th IEEE International Symposium on Software Reliability Engineering (ISSRE'05)
  • 2005
HIGHLY INFLUENTIAL