search menu icon-carat-right cmu-wordmark

Analyzing 24 Years of CVD

March 2018 Presentation
Allen D. Householder

The CERT/CC has pioneered the Coordinated Vulnerability Disclosure (CVD) process. In the past year, they analyzed their case tracking data, focusing on the distribution of case workloads over time. This slide deck contains findings from this analysis.

Publisher:

Software Engineering Institute

Subjects

Abstract

The CERT/CC has pioneered the Coordinated Vulnerability Disclosure (CVD) process from our inception in 1988 to the present. In the past year, we have been analyzing our own case tracking data between 1993 and 2017, with a focus on the distribution of case workloads over time. This slide deck contains preliminary findings from that analysis, showing how over time the workload is dominated by a relatively small number of cases – and why as a result, CVD participants shouldn't rely exclusively on traditional measures, such as case counts or averages when assessing the impact of their CVD efforts.

This presentation is a counterpart to the CERT Guide to Coordinated Vulnerability Disclosure. https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=503330