I thought I had posted this link in the past, but it turns out I did not, so …

Last summer (2007), one of my papers was published in IEEE Security & Privacy, which describes a method for estimating the number of disclosed but unfixed vulnerabilities in some version of software utilizing publicly available data. 

The citation reference is:

Jeffrey R. Jones, “Estimating Software Vulnerabilities,” IEEE Security & Privacy, vol. 5, no. 4, 2007, pp. 28-32.

IEEE kindly made the paper available online and as a downloadable document here.

About the Author

Jeff Jones

Principal Cybersecurity Strategist

Jeff Jones a 27-year security industry professional that has spent the last decade at Microsoft working with enterprise CSOs and Microsoft's internal teams to drive practical and measurable security improvements into Microsoft products and services. Additionally, Jeff analyzes vulnerability trends Read more »