Familiarity breeds contempt: the honeymoon effect and the role of legacy code in zero-day vulnerabilities
@inproceedings{Clark2010FamiliarityBC, title={Familiarity breeds contempt: the honeymoon effect and the role of legacy code in zero-day vulnerabilities}, author={S. Clark and S. Frei and Matt Blaze and J. Smith}, booktitle={ACSAC '10}, year={2010} }
Work on security vulnerabilities in software has primarily focused on three points in the software life-cycle: (1) finding and removing software defects, (2) patching or hardening software after vulnerabilities have been discovered, and (3) measuring the rate of vulnerability exploitation. This paper examines an earlier period in the software vulnerability life-cycle, starting from the release date of a version through to the disclosure of the fourth vulnerability, with a particular focus on…
51 Citations
- The Software Vulnerability Ecosystem: Software Development In The Context Of Adversarial Behavior. 2017.
- Timelines for In-Code Discovery of Zero-Day Vulnerabilities and Supply-Chain Attacks. arXiv, 2018.
- Large Scale Characterization of Software Vulnerability Life Cycles. IEEE Transactions on Dependable and Secure Computing, 2020.
- Software Vulnerability Life Cycles and the Age of Software Products: An Empirical Assertion with Operating System Products. CAiSE Workshops, 2016.
- An historical examination of open source releases and their vulnerabilities. CCS, 2012.
- A large scale exploratory analysis of software vulnerability life cycles. 34th International Conference on Software Engineering (ICSE), 2012.
- Vulnerability Scrying Method for Software Vulnerability Discovery Prediction Without a Vulnerability Database. IEEE Transactions on Reliability, 2013.
- Analyses of two end-user software vulnerability exposure metrics (extended version). Information Security Technical Report, 2013.