An Analysis of Vulnerability Trends, 2008-2016

Kuhn, Richard; Raunak, M S; Kacker, Raghu

doi:https://doi.org/10.1109/QRS-C.2017.106

July 19, 2023: URLs for CSRC publication details pages have changed. Legacy URLs should automatically redirect to the new URLs. However, links to the actual publications have NOT changed (e.g., DOIs and PDFs on nvlpubs.nist.gov). Please send inquiries to csrc-inquiry@nist.gov.

Conference Paper

An Analysis of Vulnerability Trends, 2008-2016

Documentation Topics

Published: July 25, 2017

Author(s)

Richard Kuhn (NIST), M S Raunak (Loyola University Maryland), Raghu Kacker (NIST)

Conference

Name: 2017 IEEE International Conference on Software Quality Reliability and Security (QRS-C 2017)
Dates: 07/25/2017 - 07/29/2017
Location: Prague, Czech Republic
Citation: Proceedings. 2017 IEEE International Conference on Software Quality, Reliability and Security (Companion Volume) (QRS-C 2017), pp. 587-588

Abstract

Computer security has been a subject of serious study for at least 40 years, and a steady stream of innovations has improved our ability to protect networks and applications. But attackers have adapted and changed methods over the years as well. Where do we stand today in the battle between attackers and defenders? Are attackers gaining ground, as it often seems when reading press accounts of the latest data exposure? This analysis seeks to answer these questions using data from the US National Vulnerability Database (NVD), and to identify classes of vulnerabilities where improvements will be most cost effective.

Keywords

cybersecurity; National Vulnerability Database; vulnerabilities

Control Families

None selected

Documentation

Publication:
https://doi.org/10.1109/QRS-C.2017.106

Supplemental Material:
Preprint (pdf)

Related NIST Publications:
Journal Article

Document History:
07/25/17: Conference Paper (Final)

Topics

Security and Privacy

security measurement, vulnerability management

Technologies

software & firmware