Exposure of software vulnerabilities on Twitter: Analyzing vendors’ behavior of releasing software patches

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Computers & Security Pub Date : 2025-04-01 Epub Date: 2025-01-23 DOI:10.1016/j.cose.2025.104354

Romilla Syed , Joti Kaur , Leiser Silva

{"title":"Exposure of software vulnerabilities on Twitter: Analyzing vendors’ behavior of releasing software patches","authors":"Romilla Syed , Joti Kaur , Leiser Silva","doi":"10.1016/j.cose.2025.104354","DOIUrl":null,"url":null,"abstract":"<div><div>Software vulnerabilities shared and discussed on social media platforms alert malicious users about the existence of vulnerabilities and increase the risk of exploits. In this study, we build a hazard model to explain the effect of social media exposure of software vulnerabilities on vendors’ behavior towards releasing patches. We collect data from multiple sources, including the United States Computer Emergency Readiness Team (US-CERT), the National Vulnerability Database, vendor websites, and Twitter. The results suggest that social media exposure, measured as retweet count, accelerates releasing the patches for immediately disclosed vulnerabilities. Patches are further expedited if the tweets discuss the root-cause or exploit details. Vulnerabilities shared by credible sources are patched faster. Additionally, vulnerability characteristics, such as a higher impact on confidentiality, integrity, or availability and a higher severity level, lead to faster patches. Finally, vulnerabilities that can be exploited remotely are patched faster. Overall, our findings illustrate that social media exposure exacerbates the pressure on vendors to release patches quickly. Thus, policymakers and discoverers can use social media as a tool to further influence vendor behavior in socially desirable ways.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104354"},"PeriodicalIF":5.4000,"publicationDate":"2025-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825000434","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2025/1/23 0:00:00","PubModel":"Epub","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Software vulnerabilities shared and discussed on social media platforms alert malicious users about the existence of vulnerabilities and increase the risk of exploits. In this study, we build a hazard model to explain the effect of social media exposure of software vulnerabilities on vendors’ behavior towards releasing patches. We collect data from multiple sources, including the United States Computer Emergency Readiness Team (US-CERT), the National Vulnerability Database, vendor websites, and Twitter. The results suggest that social media exposure, measured as retweet count, accelerates releasing the patches for immediately disclosed vulnerabilities. Patches are further expedited if the tweets discuss the root-cause or exploit details. Vulnerabilities shared by credible sources are patched faster. Additionally, vulnerability characteristics, such as a higher impact on confidentiality, integrity, or availability and a higher severity level, lead to faster patches. Finally, vulnerabilities that can be exploited remotely are patched faster. Overall, our findings illustrate that social media exposure exacerbates the pressure on vendors to release patches quickly. Thus, policymakers and discoverers can use social media as a tool to further influence vendor behavior in socially desirable ways.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

在Twitter上暴露软件漏洞：分析供应商发布软件补丁的行为

在社交媒体平台上分享和讨论的软件漏洞会提醒恶意用户漏洞的存在，并增加被利用的风险。在本研究中，我们建立了一个危害模型来解释社交媒体曝光软件漏洞对供应商发布补丁行为的影响。我们从多个来源收集数据，包括美国计算机应急准备小组（US-CERT）、国家漏洞数据库、供应商网站和Twitter。结果表明，社交媒体曝光（以转发次数衡量）加速了针对立即暴露的漏洞发布补丁的速度。如果推文讨论了根本原因或漏洞利用细节，补丁程序将进一步加快。可信来源共享的漏洞被修补得更快。此外，漏洞特征（例如对机密性、完整性或可用性的较大影响以及较高的严重性级别）会导致更快地发布补丁。最后，可以远程利用的漏洞可以更快地修补。总的来说，我们的研究结果表明，社交媒体曝光加剧了供应商快速发布补丁的压力。因此，决策者和发现者可以利用社交媒体作为工具，以社会期望的方式进一步影响供应商的行为。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.