
Multiple social platforms reveal actionable signals for software vulnerability awareness: A study of GitHub, Twitter and Reddit

Author

Listed:
  • Prasha Shrestha
  • Arun Sathanur
  • Suraj Maharjan
  • Emily Saldanha
  • Dustin Arendt
  • Svitlana Volkova

Abstract

Awareness of software vulnerabilities is crucial to ensure effective cybersecurity practices, the development of high-quality software, and, ultimately, national security. This awareness can be better understood by studying the spread, structure and evolution of software vulnerability discussions across online communities. This work is the first to evaluate and contrast how discussions about software vulnerabilities spread on three social platforms: Twitter, GitHub, and Reddit. Moreover, we measure how user-level characteristics (e.g., bot or not) and content-level characteristics (e.g., vulnerability severity, post subjectivity, targeted operating systems), as well as social network topology, influence the rate of vulnerability discussion spread. To lay the groundwork, we present a novel fundamental framework for measuring information spread in multiple social platforms that identifies spread mechanisms and observables, units of information, and groups of measurements. We then contrast topologies for three social networks and analyze the effect of the network structure on the way discussions about vulnerabilities spread. We measure the scale and speed of the discussion spread to understand how far and how wide they go, how many users participate, and the duration of their spread. To demonstrate the awareness of more impactful vulnerabilities, a subset of our analysis focuses on vulnerabilities targeted during recent major cyber-attacks and those exploited by advanced persistent threat groups. One of our major findings is that most discussions start on GitHub not only before Twitter and Reddit, but even before a vulnerability is officially published. The severity of a vulnerability contributes to how much it spreads, especially on Twitter. Highly severe vulnerabilities have significantly deeper, broader and more viral discussion threads. When analyzing vulnerabilities in software products, we found that different flavors of Linux received the highest discussion volume.
We also observe that Twitter discussions started by humans have larger size, breadth, depth, adoption rate, lifetime, and structural virality compared to those started by bots. On Reddit, discussion threads of positive posts are larger, wider, and deeper than those of negative or neutral posts. We also found that all three networks have high modularity that encourages spread. However, the spread on GitHub is different from other networks, because GitHub is more dense and has stronger community structure and assortativity that enhance information diffusion. We anticipate the results of our analysis to not only increase the understanding of software vulnerability awareness but also inform the existing and new analytical frameworks for simulating information spread (e.g., disinformation) across multiple social environments online.

Suggested Citation

  • Prasha Shrestha & Arun Sathanur & Suraj Maharjan & Emily Saldanha & Dustin Arendt & Svitlana Volkova, 2020. "Multiple social platforms reveal actionable signals for software vulnerability awareness: A study of GitHub, Twitter and Reddit," PLOS ONE, Public Library of Science, vol. 15(3), pages 1-28, March.
  • Handle: RePEc:plo:pone00:0230250
    DOI: 10.1371/journal.pone.0230250

    Download full text from publisher

    File URL: https://journals.plos.org/plosone/article?id=10.1371/journal.pone.0230250
    Download Restriction: no

    File URL: https://journals.plos.org/plosone/article/file?id=10.1371/journal.pone.0230250&type=printable
    Download Restriction: no



