Windows of Vulnerability: A Case Study Analysis

The authors propose a life-cycle model for system vulnerabilities, applying to three case studies to show how systems remain vulnerable long after security fixes are available. Complex information and communication systems give rise to design, implementation, and management errors, leading to a vulnerability in an information technology product that can allow security policy violations. Using their vulnerability life-cycle model, the authors present a case study analysis of specific computer vulnerabilities. For each case, the authors provide background information about the vulnerability, such as how attackers exploited it and which systems were affected. They tie the case to the life-cycle model by identifying the dates for each state within the model. Finally, they use a histogram of reported intrusions to show the life of the vulnerability and conclude with an analysis specific to the particular vulnerability.