A Trend Analysis of Vulnerabilities

Authors

  • Rajeev Gopalakrishna
  • Eugene H. Spafford
Abstract

Software vulnerabilities exist and will continue to do so. Every week, a new vulnerability gains popular attention, is discussed at length in mailing lists, and hopefully gets patched by the vendor before exploits and attack tools start appearing. But there is little evidence that we are learning from our mistakes. Sharing of vulnerability information through public databases has been possible for quite some time now. If it is not lack of information, what is it that is preventing us from learning from our past? Are there any lessons to be learned at all? A good start towards answering such questions would be to analyze vulnerabilities in widely deployed, critical but buggy software artifacts. In this paper, we look at vulnerabilities in five such software artifacts and examine two of their attributes. Among other statistics, our analysis suggests that the discovery of a vulnerability in a software artifact may influence the discovery of more vulnerabilities of the same type in that artifact. Thus, there may be some learning occurring, but it is by the penetration community rather than the software engineers. This paper argues that measuring vulnerability occurrences may have predictive value and that this concept of a retrospective metric is an interesting approach to expressing assurance.


Similar resources

Compose, reliability and validity of survey of histrionic women's couple vulnerabilities

  The purpose of this study is to compose and reliability of a survey about histrionic women's mutual damages in their marital relationship. The method that was used for this survey was a composition of exploratory and combinatory which was done in two steps. The first step was a qualitative factors discovery analysis one which included 17 semi-structured interviews and review of scientific ...


The recognition of the necessity of for community-based disaster risk management to reduce the risk of vulnerability to earthquake disaster (case study: YousefAbad neighborhood of Tehran)

Disaster management and current attitudes in this area only focus on this area's physical vulnerabilities, raising urban residents' exposure to these challenges in front of the earthquake. On the other hand, Incidental actions include reducing the vulnerability and the physical strengthening and promotion of poor organization during the disaster; they ignored the capabilities an...


A Look at the Time Delays in CVSS Vulnerability Scoring

This empirical paper examines the time delays that occur between the publication of Common Vulnerabilities and Exposures (CVEs) in the National Vulnerability Database (NVD) and the Common Vulnerability Scoring System (CVSS) information attached to published CVEs. According to the empirical results based on regularized regression analysis of over eighty thousand archived vulnerabilities, (i) the...


Assessment of potential climate change impacts on drought indicators (Case study: Yazd station, Central Iran)

This research studies the potential impact of climate change on future trend and changes of two well known drought indicators namely RDI and SPI in Yazd meteorological station, in central part of Iran. For this purpose, data of HadCM3 model that were resulted from GCM-runs based on the IPCC-SRES scenarios of A2 and B2 were acquired and analyzed for projection of daily Tmin, Tmax and precipitati...


Software Security Growth Modeling: Examining Vulnerabilities with Reliability Growth Models

The software engineering tools historically used to examine faults can also be used to examine vulnerabilities and the rate at which they are discovered. I discuss the challenges of the collection process and compare two sets of vulnerability characterization criteria. I collected fifty-four months of vulnerability data for OpenBSD 2.2 and applied seven reliability growth models to the two data...




Publication date: 2005