Fast Algorithms for Mining Association Rules in Large Databases
VLDB '94 Proceedings of the 20th International Conference on Very Large Data Bases
Why Information Security is Hard-An Economic Perspective
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Is Finding Security Holes a Good Idea?
IEEE Security and Privacy
Large-scale vulnerability analysis
Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
An Empirical Analysis of the Impact of Software Vulnerability Announcements on Firm Stock Price
IEEE Transactions on Software Engineering
IMF '09 Proceedings of the 2009 Fifth International Conference on IT Security Incident Management and IT Forensics
Vulnerability analysis for a quantitative security evaluation
ESEM '09 Proceedings of the 2009 3rd International Symposium on Empirical Software Engineering and Measurement
Information Systems Research
Beyond heuristics: learning to classify vulnerabilities and predict exploits
Proceedings of the 16th ACM SIGKDD international conference on Knowledge discovery and data mining
Proceedings of the 26th Annual Computer Security Applications Conference
Empirical results on the study of software vulnerabilities (NIER track)
Proceedings of the 33rd International Conference on Software Engineering
Before we knew it: an empirical study of zero-day attacks in the real world
Proceedings of the 2012 ACM conference on Computer and communications security
A preliminary analysis of vulnerability scores for attacks in wild: the ekits and sym datasets
Proceedings of the 2012 ACM Workshop on Building analysis datasets and gathering experience returns for security
Hi-index | 0.00 |
Software systems inherently contain vulnerabilities that have been exploited in the past resulting in significant revenue losses. The study of vulnerability life cycles can help in the development, deployment, and maintenance of software systems. It can also help in designing future security policies and conducting audits of past incidents. Furthermore, such an analysis can help customers to assess the security risks associated with software products of different vendors. In this paper, we conduct an exploratory measurement study of a large software vulnerability data set containing 46310 vulnerabilities disclosed since 1988 till 2011. We investigate vulnerabilities along following seven dimensions: (1) phases in the life cycle of vulnerabilities, (2) evolution of vulnerabilities over the years, (3) functionality of vulnerabilities, (4) access requirement for exploitation of vulnerabilities, (5) risk level of vulnerabilities, (6) software vendors, and (7) software products. Our exploratory analysis uncovers several statistically significant findings that have important implications for software development and deployment.