Peer-reviewed article

Does OpenBSD and Firefox’s Security Improve With Time?

2022; IEEE Computer Society; Volume: 20; Issue: 4; Language: English

10.1109/tdsc.2022.3153325

ISSN

2160-9209

Authors

Jian Shi, Deqing Zou, Shouhuai Xu, Xianjun Deng, Hai Jin

Topic(s)

Security and Verification in Computing

Abstract

Ozment and Schechter (USENIX Security’2006) analyzed the evolution of OpenBSD vulnerabilities over the span of 7 years (1998-2005) and concluded that its security increases with age. In this paper, we extend their study by analyzing the evolution of OpenBSD vulnerabilities over the span of 22 years (1998-2020) and Firefox vulnerabilities over the span of 9 years (2011-2020). Our empirical study leads to a number of insights, including the following: both OpenBSD and Firefox get more secure (i.e., less vulnerable) with time, but today’s developers do not necessarily produce more secure code; OpenBSD and Firefox developers tend to make similar security mistakes, but Firefox vulnerabilities are easier to exploit; finally, Firefox’s vulnerability density is almost one order of magnitude higher than OpenBSD’s, meaning Firefox is more vulnerable.
