Research Paper | Researchia: 202602.05011 [Computer Science > Cybersecurity]

Characterizing and Modeling the GitHub Security Advisories Review Pipeline

Claudio Segal

Abstract

GitHub Security Advisories (GHSA) have become a central component of open-source vulnerability disclosure and are widely used by developers and security tools. A distinctive feature of GHSA is that only a fraction of advisories are reviewed by GitHub, while the mechanisms associated with this review process remain poorly understood. In this paper, we conduct a large-scale empirical study of GHSA review processes, analyzing over 288,000 advisories spanning 2019-2025. We characterize which advisories are more likely to be reviewed, quantify review delays, and identify two distinct review-latency regimes: a fast path dominated by GitHub Repository Advisories (GRAs) and a slow path dominated by NVD-first advisories. We further develop a queueing model that accounts for this dichotomy based on the structure of the advisory processing pipeline.


Source: arXiv:2602.06009v1 - http://arxiv.org/abs/2602.06009v1 | PDF: https://arxiv.org/pdf/2602.06009v1

Submission: 2/5/2026
Subjects: Cybersecurity; Computer Science

