Paper - Stefan Frei / techzoom.net

Familiarity Breeds Contempt

Our analysis of a decade of software vulnerability (both open and closed source), shows that properties extrinsic to the software play a much greater role in the rate of vulnerability discovery than do intrinsic properties such as software quality.

Paper (EN)

Quantification of deviations from rationality with heavy-tails in human dynamics

We study the persistence of the use of outdated Web browsers (Firefox, Opera, Chrome and Safari) after users have been prompted to perform an update.

Paper (EN)

Modelling the Security Ecosystem

We introduced a model of the security ecosystem to capture its major players and processes. On the basis of the model we analyzed and discussed the roles and incentives of the players involved, backed with empirical data of more than 27,000 vulnerabilities.

Paper (EN)

Why Silent Updates Boost Security

Security updates don’t benefit the end user of software if the update mechanism and strategy is not effective. In this paper we analyze the effectiveness of different Web browsers update mechanisms based on massivle Google web log data.

Paper (EN)

Firefox (In)Security Update Dynamics Exposed

How (in)secure is your Internet browser? You never know. One way to know more is to look at how frequently it gets updated. With data from Google's search logs we analyze the time series of update installs to compare the security of browsers.

Paper (EN)

Security Econometrics - The Dynamics of (In)Security

In this dissertation we claim that knowledge of the vulnerability lifecycle (the vulnerability discovery-, exploit-, disclosure-, and patch-time) allows us to distinguish major processes in the security environment and to quantify the risk exposure and evolution thereof at macroscopic level.