Windows of Vulnerability: A Case Study Analysis

Title: Windows of Vulnerability: A Case Study Analysis
Publication Type: Magazine Articles
Year of Publication: 2000
Authors: Arbaugh WA, Fithen WL, McHugh J
Magazine: Computer
Volume: 33
Issue Number: 12
Pagination: 52 - 59
Date Published: 2000
ISBN Number: 0018-9162
Abstract

The authors propose a life-cycle model for system vulnerabilities, applying it to three case studies to show how systems remain vulnerable long after security fixes are available. Complex information and communication systems give rise to design, implementation, and management errors, leading to a vulnerability in an information technology product that can allow security policy violations. Using their vulnerability life-cycle model, the authors present a case study analysis of specific computer vulnerabilities. For each case, the authors provide background information about the vulnerability, such as how attackers exploited it and which systems were affected. They tie the case to the life-cycle model by identifying the dates for each state within the model. Finally, they use a histogram of reported intrusions to show the life of the vulnerability and conclude with an analysis specific to the particular vulnerability.