Finding and fixing software vulnerabilities has become a major struggle for most software-development companies. While there is generally no alternative to fixing them, these efforts are a major cost factor, which is why companies have a vital interest in focusing their secure software development activities so that they obtain an optimal return on this investment.
Thus, investigating which factors have the largest impact on the actual fix time is an important research area. To shed some light on this area, we analysed the times for fixing security vulnerabilities at SAP. The results of our study have been published in the Journal on Data Science and Engineering (DSEJ).
Ben Othmane, L., Chehrazi, G., Bodden, E., Tsalovski, P., & Brucker, A.D. (2016). Time for Addressing Software Security Issues: Prediction Models and Impacting Factors. Data Science and Engineering. DOI: 10.1007/s41019-016-0019-8
1. Othmane, L. ben, Chehrazi, G., Bodden, E., Tsalovski, P., and Brucker, A. D. “Time for Addressing Software Security Issues: Prediction Models and Impacting Factors” Data Science and Engineering (dsej) (2016): doi:10.1007/s41019-016-0019-8, URL: http://www.brucker.ch/bibliography/abstract/othmane.ea-fix-effort-2016