Dataset to Examine the Vulnerability Counts and Patching Behavior of 104 IoT Vendors

This dataset aims to analyze persistent issues in IoT security, focusing on vendor responsibility. We investigate whether IoT-centric vendors perform worse than industry counterparts. Analyzing NVD data (30,056 CVEs) for 104 IoT vendors from January 2016 to November 2022, we consider factors like vendor size, location, and vulnerability disclosure policy. Our analysis reveals that IoT-centric vendors tend to produce more vulnerabilities.<br>Examining patching behavior, we collect unique data on the availability and timeliness of patches for 2,741 vulnerabilities (both IoT and non-IoT) from 104 leading vendors. Surprisingly, IoT-centric vendors are not worse; they release more patches on time compared to non-IoT-centric vendors. This dataset deepens understanding of IoT security factors and offers empirical insights for regulatory interventions to enhance IoT vendor security performance.<br><br><br><br><br>

本数据集旨在剖析物联网（IoT）安全领域的长期顽疾，重点聚焦厂商责任议题，旨在探究物联网专属厂商的安全表现是否劣于其他行业同行。我们以2016年1月至2022年11月期间104家物联网厂商的国家漏洞数据库（National Vulnerability Database，NVD）数据为分析样本，该数据集包含30056条通用漏洞与披露（Common Vulnerabilities and Exposures，CVE）条目，同时考量厂商规模、地域分布以及漏洞披露政策等多项因素。分析结果显示，物联网专属厂商所产生的漏洞数量往往多于其他行业厂商。 在补丁管理行为分析方面，我们收集了来自104家头部厂商的2741条漏洞（涵盖物联网及非物联网相关漏洞）的补丁可用性与补丁时效性独有数据。令人意外的是，物联网专属厂商的安全表现并未劣于其他行业厂商；相较于非物联网专属厂商，它们按时发布补丁的比例更高。 本数据集深化了学界对物联网安全影响因素的认知，同时为旨在提升物联网厂商安全表现的监管干预举措提供了实证参考依据。