Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type

Topics

Publication Date

Presentation

Analyzing 24 Years of CVD

  • March 2018
  • By Allen D. Householder
  • The CERT/CC has pioneered the Coordinated Vulnerability Disclosure (CVD) process. In the past year, they analyzed their case tracking data, focusing on the distribution of case workloads over time. This slide deck contains findings from this analysis.
  • Vulnerability Analysis CERT/CC
  • Publisher: Software Engineering Institute
  • Abstract

    The CERT/CC has pioneered the Coordinated Vulnerability Disclosure (CVD) process from our inception in 1988 to the present. In the past year, we have been analyzing our own case tracking data between 1993 and 2017, with a focus on the distribution of case workloads over time. This slide deck contains preliminary findings from that analysis, showing how over time the workload is dominated by a relatively small number of cases – and why as a result, CVD participants shouldn't rely exclusively on traditional measures, such as case counts or averages when assessing the impact of their CVD efforts.

    This presentation is a counterpart to the CERT Guide to Coordinated Vulnerability Disclosure. https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=503330

  • Download