cff-version: 1.2.0 abstract: "
This dataset aims to analyze persistent issues in IoT security, focusing on vendor responsibility. We investigate whether IoT-centric vendors perform worse than industry counterparts. Analyzing NVD data (30,056 CVEs) for 104 IoT vendors from January 2016 to November 2022, we consider factors like vendor size, location, and vulnerability disclosure policy. Our analysis reveals that IoT-centric vendors tend to produce more vulnerabilities.
Examining patching behavior, we collect unique data on the availability and timeliness of patches for 2,741 vulnerabilities (both IoT and non-IoT) from 104 leading vendors. Surprisingly, IoT-centric vendors are not worse; they release more patches on time compared to non-IoT-centric vendors. This dataset deepens understanding of IoT security factors and offers empirical insights for regulatory interventions to enhance IoT vendor security performance.
" authors: - family-names: Rivera PĂ©rez given-names: Sandra - family-names: Hernandez Ganan given-names: Carlos - family-names: van Eeten given-names: Michel title: "Dataset to Examine the Vulnerability Counts and Patching Behavior of 104 IoT Vendors" keywords: version: 1 identifiers: - type: doi value: 10.4121/84e7ddd5-e623-41d0-885d-d69a67907d54.v1 license: CC BY 4.0 date-released: 2023-11-29