Advanced

Evaluating Security of Software Through Vulnerability Metrics

Sönnerup, Jonathan LU and Hell, Martin LU (2018) International Conference on Security and Management (SAM'18) In Proceedings of the 2018 International Conference on Security & Management p.79-79
Abstract
Understanding and measuring security of software
in terms of vulnerability metrics is important when reviewing
and deciding between softwares. The large number of disclosed
vulnerabilities will continue to expose software intensive
systems and products to attacks, and the choice of third
party software will affect stability and reliability of products
incorporating this software. We collect CVE data from NVD
and version release data from GitHub in order to study how
vulnerabilities, exploits and patches affect the exposure of
software. By combining all data for each software we propose
a software vulnerability exposure score that can be used
when evaluating security. We perform a... (More)
Understanding and measuring security of software
in terms of vulnerability metrics is important when reviewing
and deciding between softwares. The large number of disclosed
vulnerabilities will continue to expose software intensive
systems and products to attacks, and the choice of third
party software will affect stability and reliability of products
incorporating this software. We collect CVE data from NVD
and version release data from GitHub in order to study how
vulnerabilities, exploits and patches affect the exposure of
software. By combining all data for each software we propose
a software vulnerability exposure score that can be used
when evaluating security. We perform a large-scale study of
more than 37000 software and also analyze common web
servers and cryptographic libraries in more detail. We show
that the proposed score is both diverse and close to normally
distributed, making it attractive as a review and comparison tool. (Less)
Please use this url to cite or link to this publication:
author
organization
publishing date
type
Chapter in Book/Report/Conference proceeding
publication status
published
subject
keywords
Security exposure, exploit, vulnerability life-cycle, patch, NVD
in
Proceedings of the 2018 International Conference on Security & Management
pages
85 pages
conference name
International Conference on Security and Management (SAM'18)
ISBN
1-60132-488-X
language
English
LU publication?
yes
id
554aad13-1707-4659-ab4e-4c421ae753a6
alternative location
https://csce.ucmss.com/cr/books/2018/LFS/CSREA2018/SAM9722.pdf
date added to LUP
2018-08-09 15:10:52
date last changed
2018-08-15 13:06:42
@inproceedings{554aad13-1707-4659-ab4e-4c421ae753a6,
  abstract     = {Understanding and measuring security of software<br/>in terms of vulnerability metrics is important when reviewing<br/>and deciding between softwares. The large number of disclosed<br/>vulnerabilities  will  continue  to  expose  software  intensive<br/>systems and products to attacks, and the choice of third<br/>party software will affect stability and reliability of products<br/>incorporating this software. We collect CVE data from NVD<br/>and version release data from GitHub in order to study how<br/>vulnerabilities, exploits and patches affect the exposure of<br/>software. By combining all data for each software we propose<br/>a  software  vulnerability  exposure  score  that  can  be  used<br/>when evaluating security. We perform a large-scale study of<br/>more than 37000 software and also analyze common web<br/>servers and cryptographic libraries in more detail. We show<br/>that the proposed score is both diverse and close to normally<br/>distributed, making it attractive as a review and comparison tool.},
  author       = {Sönnerup, Jonathan and Hell, Martin},
  booktitle    = {Proceedings of the 2018 International Conference on Security & Management},
  isbn         = {1-60132-488-X},
  keyword      = {Security exposure,exploit,vulnerability life-cycle,patch,NVD},
  language     = {eng},
  pages        = {79--79},
  title        = {Evaluating Security of Software Through Vulnerability Metrics},
  year         = {2018},
}