Thesis
Understanding the Validity of Real-world Security Patches
Washington State University
Master of Science (MS), Washington State University
07/2024
DOI: https://doi.org/10.7273/000007119
Abstract
In today’s digital landscape, the spread of cyber threats presents an ongoing challenge for software security. Addressing vulnerabilities through effective patching practices is key to safeguarding systems and data from malicious exploitation. This study delves into the characteristics of security vulnerability patching within the software ecosystem, using a dataset spanning over 12 years. Our study explores 3,094 vulnerabilities across 682 open-source projects. Through analysis of vulnerable code and associated patching activities, the research sheds light on the implications of patch deployment strategies. The study gains insights into patch development and deployment by examining the patterns of vulnerability symptoms, causes and consequences. The findings reveal that 15.5% unreliable vulnerabilities persist for extended periods before being "actually" fixed. Moreover, the study finds 4.15% of patches to be incorrect. By providing an understanding of security patching practices, this research advances cybersecurity resilience and informs the mitigation of emerging threats in software systems.
Details
- Title: Understanding the Validity of Real-world Security Patches
- Creators: Asif Zaman
- Contributors: Haipeng Cai (Chair); Monowar Hasan (Committee Member); Feng-Hao Liu (Committee Member)
- Awarding Institution: Washington State University
- Academic Unit: School of Electrical Engineering and Computer Science
- Theses and Dissertations: Master of Science (MS), Washington State University
- Publisher: Washington State University
- Number of pages: 102
- Identifiers: 99901152215001842
- Language: English
- Resource Type: Thesis