{"id":4137,"date":"2016-10-07T14:21:49","date_gmt":"2016-10-07T12:21:49","guid":{"rendered":"https:\/\/blogs.uni-paderborn.de\/sse\/?p=4137"},"modified":"2016-10-07T14:21:49","modified_gmt":"2016-10-07T12:21:49","slug":"time-for-addressing-software-security-issues-prediction-models-and-impacting-factors","status":"publish","type":"post","link":"https:\/\/blogs.uni-paderborn.de\/sse\/2016\/10\/07\/time-for-addressing-software-security-issues-prediction-models-and-impacting-factors\/","title":{"rendered":"Time for Addressing Software Security Issues: Prediction Models and Impacting Factors"},"content":{"rendered":"<p>The second paper resulting from our collaboration with SAP on developing models for estimating the time to fix security issues is published by the <a href=\"http:\/\/link.springer.com\/journal\/41019\">Data Science and Engineering journal<\/a>, Springer. In this paper, we quantitatively investigate the major factors that impact the time it takes to fix a given security issue, based on data collected automatically within SAP\u2019s secure development process, and we show how the issue fix time could be used to monitor the fixing process. The work shows that the time it takes to fix an issue seems much more related to the component in which the potential vulnerability resides, the project related to the issue, the development groups that address the issue, and the closeness of the software release date. This indicates that the software structure, the fixing processes, and the development groups are the dominant factors that impact the time spent to address security issues. The models could be used to implement a continuous improvement of the secure software development processes and to measure the impact of individual improvements. 
The paper is published as open source and is available <a href=\"http:\/\/link.springer.com\/article\/10.1007\/s41019-016-0019-8\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The second paper resulting from our collaboration with SAP on developing models for estimating the time to fix security issues is published by the Data Science and Engineering journal, Springer. We investigate, in this paper, quantitatively the major factors that &hellip; <a href=\"https:\/\/blogs.uni-paderborn.de\/sse\/2016\/10\/07\/time-for-addressing-software-security-issues-prediction-models-and-impacting-factors\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":6611,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-4137","post","type-post","status-publish","format-standard","hentry","category-general"],"_links":{"self":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts\/4137","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/users\/6611"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/comments?post=4137"}],"version-history":[{"count":1,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts\/4137\/revisions"}],"predecessor-version":[{"id":4139,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts\/4137\/revisions\/4139"}],"wp:attachment":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/media?parent=4137"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/ca
tegories?post=4137"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/tags?post=4137"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}