Analysis of Vulnerability Disclosure Delays from the National Vulnerability Database

  • Luis Gustavo Araujo Rodriguez
  • Julia Selvatici Trazzi
  • Victor Fossaluza
  • Rodrigo Campiolo
  • Daniel Macêdo Batista

Abstract


The Internet contains vast amounts of data, which hinders information retrieval. Resources such as the National Vulnerability Database (NVD) have emerged to remedy this situation. Organizations largely depend on the NVD to disclose vulnerabilities and collaborate towards a solution. However, there is evidence that other sources disclose vulnerabilities more efficiently and rapidly. The objective of this paper is to evaluate vulnerability disclosure delays from the NVD in order to assess its efficiency. Among several findings, we observed that the majority of vulnerabilities are delayed within 1-7 days. Based on these results, we provide recommendations for those who currently rely only on the NVD, such as IoT manufacturers and developers.
Published
06/05/2018
RODRIGUEZ, Luis Gustavo Araujo; TRAZZI, Julia Selvatici; FOSSALUZA, Victor; CAMPIOLO, Rodrigo; BATISTA, Daniel Macêdo. Analysis of Vulnerability Disclosure Delays from the National Vulnerability Database. In: WORKSHOP DE SEGURANÇA CIBERNÉTICA EM DISPOSITIVOS CONECTADOS (WSCDC), 1., 2018, São José dos Campos. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2018.