For Publishers
DiscoveryMetadataPeer reviewHostingPublishing
For Researchers
JoinPublishReviewCollect
Register
Blog
About
Search
Advanced search
My ScienceOpen
Search
For Publishers
For Researchers
Blog
About
16
views
23
references
 Top references
cited by
5
    
0 reviews
 Review
0
comments
 Comment
0
recommends
+1 Recommend
1 collections
    0
    shares
      315
      similar
       All similar
      • Record: found
      • Abstract: found
      • Article: found
      Is Open Access

      Multiple social platforms reveal actionable signals for software vulnerability awareness: A study of GitHub, Twitter and Reddit

      research-article

      Read this article at

      ScienceOpenPublisherPMC
      Bookmark
          There is no author summary for this article yet. Authors can add summaries to their articles on ScienceOpen to make them more accessible to a non-specialist audience.

          Abstract

          The awareness about software vulnerabilities is crucial to ensure effective cybersecurity practices, the development of high-quality software, and, ultimately, national security. This awareness can be better understood by studying the spread, structure and evolution of software vulnerability discussions across online communities. This work is the first to evaluate and contrast how discussions about software vulnerabilities spread on three social platforms—Twitter, GitHub, and Reddit. Moreover, we measure how user-level e.g., bot or not, and content-level characteristics e.g., vulnerability severity, post subjectivity, targeted operating systems as well as social network topology influence the rate of vulnerability discussion spread. To lay the groundwork, we present a novel fundamental framework for measuring information spread in multiple social platforms that identifies spread mechanisms and observables, units of information, and groups of measurements. We then contrast topologies for three social networks and analyze the effect of the network structure on the way discussions about vulnerabilities spread. We measure the scale and speed of the discussion spread to understand how far and how wide they go, how many users participate, and the duration of their spread. To demonstrate the awareness of more impactful vulnerabilities, a subset of our analysis focuses on vulnerabilities targeted during recent major cyber-attacks and those exploited by advanced persistent threat groups. One of our major findings is that most discussions start on GitHub not only before Twitter and Reddit, but even before a vulnerability is officially published. The severity of a vulnerability contributes to how much it spreads, especially on Twitter. Highly severe vulnerabilities have significantly deeper, broader and more viral discussion threads. When analyzing vulnerabilities in software products we found that different flavors of Linux received the highest discussion volume. We also observe that Twitter discussions started by humans have larger size, breadth, depth, adoption rate, lifetime, and structural virality compared to those started by bots. On Reddit, discussion threads of positive posts are larger, wider, and deeper than negative or neutral posts. We also found that all three networks have high modularity that encourages spread. However, the spread on GitHub is different from other networks, because GitHub is more dense, has stronger community structure and assortativity that enhances information diffusion. We anticipate the results of our analysis to not only increase the understanding of software vulnerability awareness but also inform the existing and new analytical frameworks for simulating information spread e.g., disinformation across multiple social environments online.

          Related collections

          Most cited references23

          • Record: found
          • Abstract: found
          • Article: not found

          The spread of behavior in an online social network experiment.

          Damon Centola (2010)
          How do social networks affect the spread of behavior? A popular hypothesis states that networks with many clustered ties and a high degree of separation will be less effective for behavioral diffusion than networks in which locally redundant ties are rewired to provide shortcuts across the social space. A competing hypothesis argues that when behaviors require social reinforcement, a network with more clustering may be more advantageous, even if the network as a whole has a larger diameter. I investigated the effects of network structure on diffusion by studying the spread of health behavior through artificially structured online communities. Individual adoption was much more likely when participants received social reinforcement from multiple neighbors in the social network. The behavior spread farther and faster across clustered-lattice networks than across corresponding random networks.
          Article 0 comments Cited 744 times – based on 0 reviews     Review now
            Bookmark
            • Record: found
            • Abstract: found
            • Article: not found

            A 61-million-person experiment in social influence and political mobilization.

            Robert Bond, Christopher J. Fariss, Jason J. Jones (2012)
            Human behaviour is thought to spread through face-to-face social networks, but it is difficult to identify social influence effects in observational studies, and it is unknown whether online social networks operate in the same way. Here we report results from a randomized controlled trial of political mobilization messages delivered to 61 million Facebook users during the 2010 US congressional elections. The results show that the messages directly influenced political self-expression, information seeking and real-world voting behaviour of millions of people. Furthermore, the messages not only influenced the users who received them but also the users' friends, and friends of friends. The effect of social transmission on real-world voting was greater than the direct effect of the messages themselves, and nearly all the transmission occurred between 'close friends' who were more likely to have a face-to-face relationship. These results suggest that strong ties are instrumental for spreading both online and real-world behaviour in human social networks.
            Article 0 comments Cited 624 times – based on 0 reviews     Review now
              Bookmark
              • Record: found
              • Abstract: found
              • Article: not found

              Assortative Mixing in Networks

              M. Newman (2002)
              A network is said to show assortative mixing if the nodes in the network that have many connections tend to be connected to other nodes with many connections. Here we measure mixing patterns in a variety of networks and find that social networks are mostly assortatively mixed, but that technological and biological networks tend to be disassortative. We propose a model of an assortatively mixed network, which we study both analytically and numerically. Within this model we find that networks percolate more easily if they are assortative and that they are also more robust to vertex removal.
              Article 0 comments Cited 597 times – based on 0 reviews     Review now
                Bookmark
                All references

                Author and article information

                Contributors
                Prasha Shrestha:
                ORCID: http://orcid.org/0000-0001-7266-5675
                Role: Data curationRole: Formal analysisRole: InvestigationRole: MethodologyRole: VisualizationRole: Writing – original draft
                Arun Sathanur: Role: Formal analysisRole: Visualization
                Suraj Maharjan: Role: Formal analysisRole: Visualization
                Emily Saldanha: Role: InvestigationRole: MethodologyRole: Writing – original draft
                Dustin Arendt: Role: MethodologyRole: VisualizationRole: Writing – review & editing
                Svitlana Volkova:
                ORCID: http://orcid.org/0000-0002-6131-3073
                Role: ConceptualizationRole: Funding acquisitionRole: MethodologyRole: Project administrationRole: ResourcesRole: SupervisionRole: Writing – original draft
                Sergi Lozano: Role: Editor
                Journal
                Journal ID (nlm-ta): PLoS One
                Journal ID (iso-abbrev): PLoS ONE
                Journal ID (publisher-id): plos
                Journal ID (pmc): plosone
                Title: PLoS ONE
                Publisher: Public Library of Science (San Francisco, CA USA )
                ISSN (Electronic): 1932-6203
                Publication date Collection: 2020
                Publication date (Electronic): 24 March 2020
                Volume: 15
                Issue: 3
                Electronic Location Identifier: e0230250
                Affiliations
                [1 ] Data Sciences and Analytics, Pacific Northwest National Laboratory, Richland, WA, United States of America
                [2 ] Physical and Computational Sciences, Pacific Northwest National Laboratory, Richland, WA, United States of America
                [3 ] Visual Analytics, Pacific Northwest National Laboratory, Richland, WA, United States of America
                Universitat de Barcelona, SPAIN
                Author notes

                Competing Interests: The authors have declared that no competing interests exist.

                Author information
                http://orcid.org/0000-0001-7266-5675
                http://orcid.org/0000-0002-6131-3073
                Article
                Publisher ID: PONE-D-19-13222
                DOI: 10.1371/journal.pone.0230250
                PMC ID: 7092989
                PubMed ID: 32208431
                SO-VID: dbb545d8-fdba-49ba-8233-49d2ea5b6db0
                Copyright © © 2020 Shrestha et al
                License:

                This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.

                History
                Date received : 9 May 2019
                Date accepted : 25 February 2020
                Page count
                Figures: 14, Tables: 4, Pages: 28
                Funding
                Funded by: funder-id http://dx.doi.org/10.13039/100000185, Defense Advanced Research Projects Agency;
                Award ID: 71177
                Award Recipient :
                ORCID: http://orcid.org/0000-0002-6131-3073
                The research described in this paper was performed at Pacific Northwest National Laboratory, a multiprogram national laboratory operated by Battelle for the U.S. Department of Energy. This work was supported by Defense Advanced Research Projects Agency (DARPA) SocialSim program, under agreement 71177. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright annotation thereon. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of DARPA or the U.S. Government. The datasets were collected by Leidos, the official data provider for the DARPA SocialSim program.
                Categories
                Subject: Research Article
                Subject: Social Sciences
                Subject: Sociology
                Subject: Communications
                Subject: Social Communication
                Subject: Social Media
                Subject: Twitter
                Subject: Computer and Information Sciences
                Subject: Network Analysis
                Subject: Social Networks
                Subject: Social Media
                Subject: Twitter
                Subject: Social Sciences
                Subject: Sociology
                Subject: Social Networks
                Subject: Social Media
                Subject: Twitter
                Subject: Computer and Information Sciences
                Subject: Network Analysis
                Subject: Social Networks
                Subject: Social Sciences
                Subject: Sociology
                Subject: Social Networks
                Subject: Computer and Information Sciences
                Subject: Network Analysis
                Subject: Social Sciences
                Subject: Sociology
                Subject: Communications
                Subject: Social Communication
                Subject: Social Media
                Subject: Computer and Information Sciences
                Subject: Network Analysis
                Subject: Social Networks
                Subject: Social Media
                Subject: Social Sciences
                Subject: Sociology
                Subject: Social Networks
                Subject: Social Media
                Subject: Computer and Information Sciences
                Subject: Operating Systems
                Subject: Computer and Information Sciences
                Subject: Graph Theory
                Subject: Clustering Coefficients
                Subject: Physical Sciences
                Subject: Mathematics
                Subject: Graph Theory
                Subject: Clustering Coefficients
                Subject: Social Sciences
                Subject: Economics
                Subject: Commerce
                Subject: Vendors
                Subject: Computer and Information Sciences
                Subject: Software Engineering
                Subject: Software Development
                Subject: Engineering and Technology
                Subject: Software Engineering
                Subject: Software Development
                Custom metadata
                Data Availability Data to replicate our analysis and findings can be found here: https://www.openicpsr.org/openicpsr/project/111712 Interactive Jupyter notebooks to replicate our analysis can be found here: https://github.com/pnnl/socialsim_package/tree/master/tutorial/notebooks.

                ScienceOpen disciplines: Uncategorized
                Data availability:
                ScienceOpen disciplines: Uncategorized

                Comments

                Comment on this article

                scite_

                Similar content315

                See all similar

                Cited by5

                See all cited by

                Most referenced authors366

                See all reference authors