Our (in)Secure Web: Understanding Update Behavior of Websites and Its Impact on Security

  • Software updates take an essential role in keeping IT environments secure. If service providers delay or do not install updates, it can cause unwanted security implications for their environments. This paper conducts a large-scale measurement study of the update behavior of websites and their utilized software stacks. Across 18 months, we analyze over 5.6M websites and 246 distinct client- and server-side software distributions. We found that almost all analyzed sites use outdated software. To understand the possible security implications of outdated software, we analyze the potential vulnerabilities that affect the utilized software. We show that software components are getting older and more vulnerable because they are not updated. We find that 95 % of the analyzed websites use at least one product for which a vulnerability existed.

Export metadata

Additional Services

Share in Twitter Search Google Scholar
Author:Nurullah Demir, Tobias Urban, Kevin Wittek, Norberg Pohlmann
Parent Title (German):Passive and Aktive Measurement : 22nd International Conference, PAM, Virtual Event, March 29 - April 2, 2021, Proceedings
Document Type:Article
Date of Publication (online):2024/01/16
Year of first Publication:2021
Publishing Institution:Westfälische Hochschule Gelsenkirchen Bocholt Recklinghausen
Release Date:2024/02/23
Licence (German):License LogoEs gilt das Urheberrechtsgesetz

$Rev: 13159 $