The Tweet Advantage: An Empirical Analysis of 0-Day Vulnerability Information Shared on Twitter

Sauerwein, Clemens; Sillaber, Christian; Huber, Michael M.; Mussmann, Andrea; Breu, Ruth

doi:10.1007/978-3-319-99828-2_15

Cited by 20 publications

(9 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To the best of our knowledge, Sauerwein et al performed the most similar study to the one present on this paper [55]. For two years, the authors collected all tweets with a CVE-ID in its text.…”

Section: Cybersecurity-related Osint Studiesmentioning

confidence: 96%

See 1 more Smart Citation

Follow the Blue Bird: A Study on Threat Data Published on Twitter

Alves

Andongabo

Gashi

et al. 2020

Computer Security – ESORICS 2020

View full text Add to dashboard Cite

Open Source Intelligence (OSINT) has taken the interest of cybersecurity practitioners due to its completeness and timeliness. In particular, Twitter has proven to be a discussion hub regarding the latest vulnerabilities and exploits. In this paper, we present a study comparing vulnerability databases between themselves and against Twitter. Although there is evidence of OSINT advantages, no methodological studies have addressed the quality and benefits of the sources available. We compare the publishing dates of more than nine-thousand vulnerabilities in the sources considered. We show that NVD is not the most timely or the most complete vulnerability database, that Twitter provides timely and impactful security alerts, that using diverse OSINT sources provides better completeness and timeliness of vulnerabilities, and provide insights on how to capture cybersecurity-relevant tweets.

show abstract

Section: Cybersecurity-related Osint Studiesmentioning

confidence: 96%

“…As the NVD is considered a standard for consulting vulnerability data, many research works use only the NVD as their vulnerability database (e.g., [42,47,50,55]). This is a natural choice since the NVD includes multiple resources for further understanding of the issue at hand.…”

Section: Vulnerability Database Comparisonmentioning

confidence: 99%

Follow the Blue Bird: A Study on Threat Data Published on Twitter

Alves

Andongabo

Gashi

et al. 2020

Computer Security – ESORICS 2020

View full text Add to dashboard Cite

show abstract

“…3 visualizes the second-level (2LD) and top-level (TLD) domain names extracted from the uniform resource locators (URLs) present in the hyperlinks, using the so-called public suffix list for the comparisons [16]. Although social media has been suspected to play an increasingly important role [31,44], the illustration clearly indicates that plugin vulnerabilities are commonly disseminated through very traditional channels for communicating security issues in the OSS context. In fact, social media is hardly even present.…”

Section: Overviewmentioning

confidence: 99%

A Demand-Side Viewpoint to Software Vulnerabilities in WordPress Plugins

Ruohonen

2019

Proceedings of the Evaluation and Assessment on Software Engineering

View full text Add to dashboard Cite

WordPress has long been the most popular content management system (CMS). This CMS powers millions and millions of websites. Although WordPress has had a particularly bad track record in terms of security, in recent years many of the well-known security risks have transmuted from the core WordPress to the numerous plugins and themes written for the CMS. Given this background, the paper analyzes known software vulnerabilities discovered from WordPress plugins. A demand-side viewpoint was used to motivate the analysis; the basic hypothesis is that plugins with large installation bases have been affected by multiple vulnerabilities. As the hypothesis also holds according to the empirical results, the paper contributes to the recent discussion about common security folklore. A few general insights are also provided about the relation between software vulnerabilities and software maintenance. CCS CONCEPTS• Security and privacy → Web application security;

show abstract

“…The identification of characteristics of cyber-attacks is devoted to work [4,5,6]. The denial of service (DoS) cyber-attacks [7], the study of worms and botnet activity [8], the analysis of data on the number of cyber-attacks collected in a black hole [9] and in one-way motion [10] are investigated in the scientific literature. Studies [11,12] are devoted to classifying data into classes.…”

Section: Introductionmentioning

confidence: 99%

Setting the Optimum Time for a Special Audit to Improve the Enterprise's Cyber Security

Oleg,

Yevhen

2020

IJEAT

View full text Add to dashboard Cite

The article presents a method for setting the optimal time for special audit to improve the level of cyber defense of an enterprise working in the field of market relations of IT services. Studying the issue of providing measures to reduce the risk of a cyber-incident, analyzed the time series of the intensity of cyber-attacks of the enterprise. An analytical function of the cyber-attack intensity at an enterprise that satisfies the nonlinear Bernoulli differential equation is considered. The elasticity interval of the analytic function of the cyber-attack intensity at the enterprise is found. Analysis of cyber-attack time series on the enterprise system for the same time periods falling within the time interval from the end of the planned audit to the beginning of the next one. An analytical alignment of the time series of the cyber-attack intensity function was performed using a logistic curve. A stepwise p-transformation of a small parameter into a cyber-attack intensity function for an enterprise was introduced and the dimensionlessness of the variables was performed, which made it possible to calculate the sensitivity of a dimensionless cyber-attack intensity function from a small parameter p over a set time period. The study is based on the application of the theory of elasticity of the intensity function of cyber-attacks, which determines the time interval at which to conduct a special audit at the enterprise. Due to the found elasticity interval of the cyber-attack intensity function, the optimal time for special audit was determined.

show abstract

The Tweet Advantage: An Empirical Analysis of 0-Day Vulnerability Information Shared on Twitter

Cited by 20 publications

References 28 publications

Follow the Blue Bird: A Study on Threat Data Published on Twitter

Follow the Blue Bird: A Study on Threat Data Published on Twitter

A Demand-Side Viewpoint to Software Vulnerabilities in WordPress Plugins

Setting the Optimum Time for a Special Audit to Improve the Enterprise's Cyber Security

Contact Info

Product

Resources

About