DOI:10.1145/1920261.1920299

Corpus ID: 207184232

Familiarity breeds contempt: the honeymoon effect and the role of legacy code in zero-day vulnerabilities

@inproceedings{Clark2010FamiliarityBC,
  title={Familiarity breeds contempt: the honeymoon effect and the role of legacy code in zero-day vulnerabilities},
  author={S. Clark and S. Frei and Matt Blaze and J. Smith},
  booktitle={ACSAC '10},
  year={2010}
}

S. Clark, S. Frei, +1 author J. Smith

Published in ACSAC '10 2010

Computer Science

Work on security vulnerabilities in software has primarily focused on three points in the software life-cycle: (1) finding and removing software defects, (2) patching or hardening software after vulnerabilities have been discovered, and (3) measuring the rate of vulnerability exploitation. This paper examines an earlier period in the software vulnerability life-cycle, starting from the release date of a version through to the disclosure of the fourth vulnerability, with a particular focus on… CONTINUE READING

Share This Paper

51 Citations

Highly Influential Citations

2

Background Citations

31

Methods Citations

4

Results Citations

1

Supplemental Content

Video

DEFCON 19 (2017) Familiarity Breeds Contempt

Frank Borja

28 December 2017

Presentation Slides

Familiarity breeds contempt: the honeymoon effect and the role of legacy code in zero-day vulnerabilities

Figures, Tables, and Topics from this paper

Figures and Tables

Paper Mentions

Blog Post

David Rosenthal: Blockchain: What's Not To Like?

Planet Code4Lib

14 April 2019

Blog Post

David Rosenthal: Brief Talk at Video Game Preservation Workshop

Planet Code4Lib

22 February 2018

Blog Post

David Rosenthal: Not Whether But When

Planet Code4Lib

3 October 2017

Blog Post

David Rosenthal: Not Whether But When

Planet Code4Lib

3 October 2017

Blog Post

David Rosenthal: Decentralized Long-Term Preservation

Planet Code4Lib

27 July 2017

Blog Post

Harvard Library Innovation Lab: IIPC 2017 – Day Two

Planet Code4Lib

16 June 2017

Blog Post

Harvard Library Innovation Lab: IIPC 2017 – Day Two

Planet Code4Lib

16 June 2017

Blog Post

David Rosenthal: BITAG on the IoT

Planet Code4Lib

1 December 2016

The Software Vulnerability Ecosystem: Software Development In The Context Of Adversarial Behavior

Saender Aren Clark
Environmental Science
2017

Timelines for In-Code Discovery of Zero-Day Vulnerabilities and Supply-Chain Attacks

A. Lohn
Computer Science
ArXiv
2018

1
PDF

Moving Targets: Security and Rapid-Release in Firefox

S. Clark, M. Collis, M. Blaze, J. Smith
Computer Science
CCS
2014

15
PDF

Large Scale Characterization of Software Vulnerability Life Cycles

Muhammad Shahzad, M. Shafiq, Alex X. Liu
Computer Science
IEEE Transactions on Dependable and Secure Computing
2020

3
PDF

Software Vulnerability Life Cycles and the Age of Software Products: An Empirical Assertion with Operating System Products

Jukka Ruohonen, S. Hyrynsalmi, V. Leppänen
Computer Science
CAiSE Workshops
2016

3

An historical examination of open source releases and their vulnerabilities

N. Edwards, Liqun Chen
Computer Science
CCS
2012

23
PDF

A large scale exploratory analysis of software vulnerability life cycles

M. Shahzad, M. Shafiq, Alex X. Liu
Computer Science, Engineering
2012 34th International Conference on Software Engineering (ICSE)
2012

136
PDF

Vulnerability Scrying Method for Software Vulnerability Discovery Prediction Without a Vulnerability Database

S. Rahimi, Mehdi R. Zargham
Computer Science
IEEE Transactions on Reliability
2013

44

The Tip of the Iceberg

Nikolaos Alexopoulos, Sheikh Mahbub Habib, S. Schulz, M. Mühlhäuser
Computer Science
ACM Trans. Priv. Secur.
2020

Analyses of two end-user software vulnerability exposure metrics (extended version)

J. L. Wright, M. McQueen, Lawrence Wellman
Computer Science
Inf. Secur. Tech. Rep.
2013

8

‹
1
2
3
4
5
›