Stefan Frei / techzoom.net (Page 1)

Understanding The Web Browser Threat

Access to Google’s global Web server logs enabled us to provide the first in-depth global perspective on the state of insecurity for Web browser technologies. Understanding the nature of the threats against Web browser and their plug-in technologies is important for continued Internet usage.

Paper (EN)

Putting Private And Government CERT’s To The Test

By monitoring relevant security sites on 30-minute intervals for more than 18 months, we collected a unique dataset to compare CERT’s and private offerings.

Paper (EN)

0-Day Patch Exposure

We evaluated the patch development process of Microsoft and Apple using publicly available vulnerability data from 2002 to 2007. By correlating information from multiple sources, we analyzed possible bias in vendor information.

Paper (EN)

Large-Scale Vulnerability Analysis

Analyzing over 80,000 security advisories, we determined the discovery-, disclosure-, exploit-, and patch-date of the vulnerabilities. We quantify the trend towards zero-day exploits and measure the dynamics of (in)security to quantify the gap between exploit- and patch-availability.

Paper (EN)

Familiarity Breeds Contempt

Our analysis of a decade of software vulnerability (both open and closed source), shows that properties extrinsic to the software play a much greater role in the rate of vulnerability discovery than do intrinsic properties such as software quality.

Paper (EN)

Quantification of deviations from rationality with heavy-tails in human dynamics

We study the persistence of the use of outdated Web browsers (Firefox, Opera, Chrome and Safari) after users have been prompted to perform an update.