BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:Milk or wine: does software security improve with age? - Andy Ozme
 nt\, Computer Laboratory\, University of Cambridge
DTSTART:20060725T151500Z
DTEND:20060725T161500Z
UID:TALK5480@talks.cam.ac.uk
CONTACT:Saar Drimer
DESCRIPTION:We examine the code base of the OpenBSD operating system to de
 termine whether its security is increasing over time. We measure the rate 
 at which new code has been introduced and the rate at which vulnerabilitie
 s have been reported over the last 7.5 years and fifteen versions. We lear
 n that 61% of the lines of code in today's OpenBSD are foundational: they 
 were introduced prior to the release of the initial version we studied and
  have not been altered since. We also learn that 62% of reported vulnerabi
 lities were present when the study began and can also be considered to be 
 foundational. We find strong statistical evidence of a decrease in the rat
 e at which foundational vulnerabilities are being reported. However\, this
  decrease is anything but brisk: foundational vulnerabilities have a media
 n lifetime of at least 2.6 years. Finally\, we examined the density of vul
 nerabilities in the code that was altered/introduced in each version. The 
 densities ranged from 0 to 0.033 vulnerabilities reported per thousand lin
 es of code. These densities will increase as more vulnerabilities are repo
 rted.
LOCATION:Lecture Theatre 2\, Computer Laboratory\, William Gates Building
END:VEVENT
END:VCALENDAR