Bernhard Plattner (2), Brian Trammel (1), Dominik Schatzmann (1), Stefan Frei (4), Thomas Duebendorfer (2)
Stefan Frei, Dominik Schatzmann, Bernhard Plattner, Brian Trammel
In this paper we provide a metric for the success of the "responsible disclosure" process. We measure the prevalence of the commercial markets for vulnerability information and highlight the role of security information providers (SIP), which function as the "free press" of the ecosystem.
Thomas Duebendorfer, Stefan Frei
In this paper we analyze the effectiveness of different Web browsers update mechanisms; from Google Chrome's silent update mechanism to Opera's update requiring a full re-installation
In this thesis I examine the security ecosystem, consolidating many aspects of security that have hitherto been discussed only separately. I analyze the paths vulnerability data take through the ecosystem, and the impact of each of these on security risk based on a quantitative analysis of 30,000 vulnerabilities ..
Stefan Frei, Thomas Duebendorfer, Bernhard Plattner
Although there is an increasing trend for attacks against popular Web browsers, only little is known about the actual patch level of daily used Web browsers on a global scale. We conjecture that users in large part do not actually patch their Web browsers based on recommendations, perceived threats, ..