Measurements of the Most Significant Software Security Weaknesses

by Carlos Cardoso Galhardo, et al.

In this work, we provide a metric to calculate the most significant software security weaknesses, defined by an aggregate metric of the frequency, exploitability, and impact of related vulnerabilities. The Common Weakness Enumeration (CWE) is a well-known and widely used list of software security weaknesses. The CWE community publishes such an aggregate metric to calculate the "Most Dangerous Software Errors". However, we find that the published equation is heavily biased toward frequency and almost ignores exploitability and impact when generating top lists of varying sizes. This is due to the differences in the distributions of the component metric values. To mitigate this, we linearize the frequency distribution using a double log function. We then propose a variety of other improvements, provide top lists of the most significant CWEs for 2019, provide an analysis of the identified software security weaknesses, and compare them against previously published top lists.
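The abstract does not reproduce the published equation, so the following is an added illustration rather than the paper's own code or data. It assumes the aggregate score is the product of a min-max normalized frequency and a min-max normalized mean severity (scaled to 100), assumes ln(ln(count)) as the double log linearization with no offsets, and uses a constructed set of six CWE ids with heavy-tailed counts; the behaviour it shows is the bias the abstract describes, not the paper's 2019 numbers.

```python
import math

# Constructed sample, not real 2019 NVD data: CWE id -> (vulnerability count, mean CVSS base score).
# Counts are deliberately heavy-tailed and severities run roughly the other way,
# so the two signals disagree and any bias in the aggregate becomes visible.
SAMPLE = {
    "CWE-79":  (5000, 5.6),
    "CWE-119": (800, 7.8),
    "CWE-20":  (300, 7.0),
    "CWE-287": (120, 8.4),
    "CWE-78":  (40, 9.2),
    "CWE-200": (15, 5.0),
}


def minmax(values):
    """Scale a list of numbers into [0, 1]; a constant list maps to all zeros."""
    lo, hi = min(values), max(values)
    if hi == lo:
        return [0.0] * len(values)
    return [(v - lo) / (hi - lo) for v in values]


def double_log(count):
    """Assumed linearization: ln(ln(count)). Requires count > 1, since ln(1) = 0
    makes the outer logarithm undefined."""
    if count <= 1:
        raise ValueError("double_log needs a count greater than 1")
    return math.log(math.log(count))


def score(data, freq_transform=lambda c: c):
    """Assumed aggregate: 100 * norm(frequency) * norm(severity).

    freq_transform is applied to the raw counts before normalization. The identity
    reproduces the frequency-dominated ranking; double_log gives the linearized one.
    """
    ids = list(data)
    freq_n = minmax([freq_transform(data[i][0]) for i in ids])
    sev_n = minmax([data[i][1] for i in ids])
    return {i: 100.0 * f * s for i, f, s in zip(ids, freq_n, sev_n)}


def ranking(scores):
    """CWE ids ordered from highest to lowest score (ties keep dictionary order)."""
    return sorted(scores, key=scores.get, reverse=True)


def frequency_order(data):
    """CWE ids ordered by raw count alone; comparing against it shows how much of a
    ranking is explained by frequency."""
    return sorted(data, key=lambda i: data[i][0], reverse=True)


if __name__ == "__main__":
    raw = score(SAMPLE)
    lin = score(SAMPLE, double_log)
    print("raw product     :", ranking(raw))
    print("double-log freq :", ranking(lin))
    print("count order     :", frequency_order(SAMPLE))
```

With the raw counts, the heavy tail pushes every normalized frequency except the largest close to zero, so the product ranking is simply the count ranking and the critical but rare CWE-78 sits near the bottom. After ln(ln(count)) the normalized frequencies spread across the unit interval and severity changes the order: CWE-119 and CWE-287 move ahead of the most frequent but least severe CWE-79. The minimum in each column still normalizes to zero under min-max scaling, which is one of the distribution effects the abstract attributes to the component metrics.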


