Dataset to Examine the Vulnerability Counts and Patching Behavior of 104 IoT Vendors

DOI:10.4121/84e7ddd5-e623-41d0-885d-d69a67907d54.v1
The DOI displayed above is for this specific version of this dataset, which is currently the latest. Newer versions may be published in the future. For a link that will always point to the latest version, please use
DOI: 10.4121/84e7ddd5-e623-41d0-885d-d69a67907d54
Datacite citation style:
Rivera Pérez, Sandra ; Hernandez Ganan, Carlos; van Eeten, Michel (2023): Dataset to Examine the Vulnerability Counts and Patching Behavior of 104 IoT Vendors. Version 1. 4TU.ResearchData. dataset. https://doi.org/10.4121/84e7ddd5-e623-41d0-885d-d69a67907d54.v1
Other citation styles (APA, Harvard, MLA, Vancouver, Chicago, IEEE) available at Datacite

Dataset

This dataset aims to analyze persistent issues in IoT security, focusing on vendor responsibility. We investigate whether IoT-centric vendors perform worse than industry counterparts. Analyzing NVD data (30,056 CVEs) for 104 IoT vendors from January 2016 to November 2022, we consider factors like vendor size, location, and vulnerability disclosure policy. Our analysis reveals that IoT-centric vendors tend to produce more vulnerabilities.

Examining patching behavior, we collect unique data on the availability and timeliness of patches for 2,741 vulnerabilities (both IoT and non-IoT) from 104 leading vendors. Surprisingly, IoT-centric vendors are not worse; they release more patches on time compared to non-IoT-centric vendors. This dataset deepens understanding of IoT security factors and offers empirical insights for regulatory interventions to enhance IoT vendor security performance.

History

  • 2023-11-29 first online, published, posted

Publisher

4TU.ResearchData

Format

csv

Funding

  • INTERSCT project (grant code NWA.1160.18.301) Netherlands Organisation for Scientific Research (NWO)

DATA

Files (3)