[Infowarrior] - CVE vuln stats paper - final version is out

Richard Forno rforno at infowarrior.org
Wed Oct 4 20:28:40 EDT 2006


Vulnerability Type Distributions in CVE

Document version: 1.0    Date: October 4, 2006

For the past 5 years, CVE has been tracking the types of errors that lead to
publicly reported vulnerabilities, and periodically reporting trends on a
limited scale. In support of the Common Weakness Enumeration (CWE) project
[1], and as a result of the interest in this work as mentioned during the
"Year of the web application: Hack & Data from the Front lines" panel at the
5th Annual Cyber Security Executive Summit in New York City on September 13,
2006, we have published a more extensive analysis. An updated version will
be released once 2006 is complete.

The primary goal of this study is to better understand research trends using
publicly reported vulnerabilities. It should be noted that the data is
obtained from an uncontrolled population, i.e., decentralized public reports
from a research community with diverse goals and interests, with an equally
diverse set of vendors and developers. More specialized, exhaustive, and
repeatable methods could be devised to evaluate software security. But until
such methods reach maturity and widespread acceptance, the overall state of
software security can be viewed through the lens of public reports.

< - >

  http://cwe.mitre.org/documents/vuln-trends.html



