Abstract
Understanding and measuring security of software in terms of vulnerability metrics is important when reviewing and deciding between software. The large number of disclosed vulnerabilities will continue to expose software-intensive systems and products to attacks, and the choice of third-party software will affect stability and reliability of products incorporating this software. We collect CVE data from NVD and version release data from GitHub in order to study how vulnerabilities, exploits and patches affect the exposure of software. By combining all data for each software we propose a software vulnerability exposure score that can be used when evaluating security. We perform a large-scale study of more than 37000 software and also analyze common web servers and cryptographic libraries in more detail. We show that the proposed score is both diverse and close to normally distributed, making it attractive as a review and comparison tool.
Original language | English |
---|---|
Title of host publication | Proceedings of the 2018 International Conference on Security & Management |
Pages | 79 |
Number of pages | 85 |
ISBN (Electronic) | 1-60132-488-X |
Publication status | Published - 2018 |
Event | International Conference on Security and Management (SAM'18) - Las Vegas, United States. Duration: 2018 Jul 30 → 2018 Aug 2 |
Conference
Conference | International Conference on Security and Management (SAM'18) |
---|---|
Country/Territory | United States |
City | Las Vegas |
Period | 2018/07/30 → 2018/08/02 |
Subject classification (UKÄ)
- Computer Systems
Free keywords
- Security exposure
- exploit
- vulnerability life-cycle
- patch
- NVD
Projects
- 1 Finished
- SECONDS: Secure Connected Devices
Hell, M. (PI), Höst, M. (Researcher), Karlsson, L. (Researcher) & Sönnerup, J. (Researcher)
2016/05/10 → 2018/11/15
Project: Research