Abstract
The paper examines the handling times of software vulnerabilities in CPython, the reference implementation and interpreter for the today's likely most popular programming language, Python. The background comes from the so-called vulnerability life cycle analysis, the literature on bug fixing times, and the recent research on security of Python software. Based on regression analysis, the associated vulnerability fixing times can be explained very well merely by knowing who have reported the vulnerabilities. Severity, proof-of-concept code, commits made to a version control system, comments posted on a bug tracker, and references to other sources do not explain the vulnerability fixing times. With these results, the paper contributes to the recent effort to better understand security of the Python ecosystem.
| Originalsprog | Engelsk |
|---|---|
| Titel | 2025 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER) |
| Forlag | IEEE |
| Publikationsdato | 2025 |
| Sider | 891-896 |
| ISBN (Elektronisk) | 9798331535100 |
| DOI | |
| Status | Udgivet - 2025 |
| Begivenhed | 32nd IEEE International Conference on Software Analysis, Evolution and Reengineering, SANER 2025 - Montreal, Canada Varighed: 4. mar. 2025 → 7. mar. 2025 |
Konference
| Konference | 32nd IEEE International Conference on Software Analysis, Evolution and Reengineering, SANER 2025 |
|---|---|
| Land/Område | Canada |
| By | Montreal |
| Periode | 04/03/2025 → 07/03/2025 |
| Sponsor | Canada�s Institute for Data Valorization (IVADO), Huawei, IEEE Computer Society�s Technical Council on Software Engineering (TCSE), Multidisciplinary Institute for Cybersecurity and Cyber Resilience (IMC2), Polytechnique Montréal |
| Navn | Proceedings - IEEE International Conference on Software Analysis, Evolution and Reengineering |
|---|---|
| ISSN | 1534-5351 |
Bibliografisk note
Publisher Copyright:© 2025 IEEE.