TY - DATA
T1 - Dataset to Examine the Vulnerability Counts and Patching Behavior of 104 IoT Vendors
PY - 2023/11/29
AU - Sandra  Rivera PĂ©rez
AU - Carlos Hernandez Ganan
AU - Michel van Eeten
UR - 
DO - 10.4121/84e7ddd5-e623-41d0-885d-d69a67907d54.v1
KW - Internet of Things (IoT)
KW - Security and Privacy
KW - Empirical analysis
KW - Vulnerabilities
KW - Patching
N2 - <p>This dataset aims to analyze persistent issues in IoT security, focusing on vendor responsibility. We investigate whether IoT-centric vendors perform worse than industry counterparts. Analyzing NVD data (30,056 CVEs) for 104 IoT vendors from January 2016 to November 2022, we consider factors like vendor size, location, and vulnerability disclosure policy. Our analysis reveals that IoT-centric vendors tend to produce more vulnerabilities.</p><p></p><p>Examining patching behavior, we collect unique data on the availability and timeliness of patches for 2,741 vulnerabilities (both IoT and non-IoT) from 104 leading vendors. Surprisingly, IoT-centric vendors are not worse; they release more patches on time compared to non-IoT-centric vendors. This dataset deepens understanding of IoT security factors and offers empirical insights for regulatory interventions to enhance IoT vendor security performance.</p><p></p><p></p><p></p><p></p><p></p>
ER -