Software flaws often first reported on social media networks, PNNL researchers find

Software vulnerabilities are more likely to be discussed on social media before they're revealed on a government reporting site, a practice that could pose a national security threat, according to computer scientists at the U.S. Department of Energy's Pacific Northwest National Laboratory.


At the same time, those vulnerabilities present a cybersecurity opportunity for governments to more closely monitor social media discussions about software gaps, the researchers assert. Their findings were published recently in the journal PLOS One.


"Some of these software vulnerabilities have been targeted and exploited by adversaries of the United States. We wanted to see how discussions around these vulnerabilities evolved," said lead author Svitlana Volkova, senior research scientist in the Data Sciences and Analytics Group at PNNL. "Social cybersecurity is a huge threat. Being able to measure how different types of vulnerabilities spread across platforms is really needed."


Social media -- especially GitHub -- leads the way


Their research showed that a quarter of social media discussions about software vulnerabilities from 2015 through 2017 appeared on social media sites before landing in the National Vulnerability Database, the official U.S. repository for such information. Further, for this segment of vulnerabilities, it took an average of nearly 90 days for the gap discussed on social media to show up in the national database.


The research focused on three social platforms -- GitHub, Twitter and Reddit -- and evaluated how discussions about software vulnerabilities spread on each of them. The analysis showed that GitHub, a popular networking and development site for programmers, was by far the most likely of the three sites to be the starting point for discussion about software vulnerabilities.





It makes sense that GitHub would be the launching point for ..
