Upstream Dominance in Qubes OS Advisory Record
Arxiv
other
2026-07-01T00:00:00
arXiv Paper — PDF not available.
Only the Executive Summary is available here. To read or download the full paper, visit the
arXiv abstract page.
Abstract
Qubes OS is a revealing case for security measurement because its architecture makes component boundaries security-relevant. We present a protocol-driven longitudinal analysis of 109 public Qubes Security Bulletins (QSBs, 20112025), the official Qubes-maintained Xen Security Advisory (XSA) tracker, and a secondary vulnerability-event sensitivity series. The study measures the public advisory record rather than latent vulnerability incidence or realized compromise. The methodology combines audited deterministic component attribution, changepoint analysis, overdispersion checks, severity-proxy weighting, censoring sensitivity, documentary latency lower bounds, and baseline-aware evaluation of vulnerability discovery models (VDMs).
Loading executive summary...