The doi above is for this specific version of this dataset, which is currently the latest. Newer versions may be published in the future. For a link that will always point to the latest version, please use
doi: 10.4121/84e7ddd5-e623-41d0-885d-d69a67907d54

Rivera Pérez, Sandra ; Hernandez Ganan, Carlos; van Eeten, Michel (2023): Dataset to Examine the Vulnerability Counts and Patching Behavior of 104 IoT Vendors. Version 1. 4TU.ResearchData. dataset. https://doi.org/10.4121/84e7ddd5-e623-41d0-885d-d69a67907d54.v1

Dataset

• Communications Technologies
• Communication Networks and Services
• Information Systems
• Information and Communication Services
• Technology
• Information and Computing Sciences

Empirical analysis, Internet of Things (IoT), Patching, Security and Privacy, Vulnerabilities

CC BY 4.0

RefWorks, BibTeX, Reference Manager, Endnote, DataCite, NLM, DC, CFF

by Sandra Rivera Pérez , Carlos Hernandez Ganan , Michel van Eeten

This dataset aims to analyze persistent issues in IoT security, focusing on vendor responsibility. We investigate whether IoT-centric vendors perform worse than industry counterparts. Analyzing NVD data (30,056 CVEs) for 104 IoT vendors from January 2016 to November 2022, we consider factors like vendor size, location, and vulnerability disclosure policy. Our analysis reveals that IoT-centric vendors tend to produce more vulnerabilities.

Examining patching behavior, we collect unique data on the availability and timeliness of patches for 2,741 vulnerabilities (both IoT and non-IoT) from 104 leading vendors. Surprisingly, IoT-centric vendors are not worse; they release more patches on time compared to non-IoT-centric vendors. This dataset deepens understanding of IoT security factors and offers empirical insights for regulatory interventions to enhance IoT vendor security performance.

• 2023-11-29 first online, published, posted

4TU.ResearchData

csv

• INTERSCT project (grant code NWA.1160.18.301) Netherlands Organisation for Scientific Research (NWO)