[Research] Correlation of Patch Delivery Delay and Access Complexity

Hello all,

In the context of my analysis of the delay between vulnerability disclosure (CVE release) and the release of a corresponding patch, I am also analyzing the relation between the delay and various vulnerability characteristics.

The attached figure shows the relation between Access Complexity as used by NVD and defined in CVSS. The Y-Axis shows the average delay for each category (Low, Medium, High). The numbers on top of the bars show the number of vulnerabilities in the respective category.

I was hoping that someone would be able to help me explain the relation that can be seen in the figure. Why would a higher Access Complexity lead to a shorter patching delay? Or is the relation maybe just random and there is no actual connection between the two metrics?

Stefan

Attachment: PatchingDelay_KVM.png
Description: PNG image

