Abstract

Past studies have shown that software vulnerabilities are often exploited for years after they are disclosed. Our project will leverage Symantec's WINE data set to understand the rate at which vulnerabilities are patched and how the number of affected machines changes over time. We will also conduct a study with system administrators to statistically investigate various hypotheses about how they prioritize which vulnerabilities to patch. Finally, we are conducting user studies to determine why users choose to patch software and to examine whether this qualitative data is supported by the WINE data set. Our goal is to develop guidelines to improve the rate of patching from both the technical and user perspectives.

V Subrahmanian