Research Article
Trend Analysis of the CVE Classes Across CVSS Metrics
|
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
|
| Volume 183 - Issue 33 |
| Published: Oct 2021 |
| Authors: Bindu Dodiya, Umesh Kumar Singh, Vivaan Gupta |
10.5120/ijca2021921718
|
Bindu Dodiya, Umesh Kumar Singh, Vivaan Gupta . Trend Analysis of the CVE Classes Across CVSS Metrics. International Journal of Computer Applications. 183, 33 (Oct 2021), 23-30. DOI=10.5120/ijca2021921718
@article{ 10.5120/ijca2021921718,
author = { Bindu Dodiya,Umesh Kumar Singh,Vivaan Gupta },
title = { Trend Analysis of the CVE Classes Across CVSS Metrics },
journal = { International Journal of Computer Applications },
year = { 2021 },
volume = { 183 },
number = { 33 },
pages = { 23-30 },
doi = { 10.5120/ijca2021921718 },
publisher = { Foundation of Computer Science (FCS), NY, USA }
}
%0 Journal Article
%D 2021
%A Bindu Dodiya
%A Umesh Kumar Singh
%A Vivaan Gupta
%T Trend Analysis of the CVE Classes Across CVSS Metrics%T
%J International Journal of Computer Applications
%V 183
%N 33
%P 23-30
%R 10.5120/ijca2021921718
%I Foundation of Computer Science (FCS), NY, USA
Abstract
Understanding vulnerability trends is important for risk management process.. Understanding trends helps in early detection of problems and also in planning defense mechanisms. In this paper analysis of the trends of Common Vulnerabilities and Exposures (CVE) from the National Vulnerability Database (NVD) for 2005 to 2020 has presented. 136566 CVEs has been extracted for sixteen years, also their Common Vulnerability Scoring System (CVSS) scores has been collected from the NVD, then analysis of severity, and CVSS base metrics trends ,and trends for classified vulnerability data has been done . Such analysis of vulnerability data according to their type, CIA impact, access vector and access complexity helpful in identifying most critical class of vulnerability relative to system environment and improve risk mitigation process.
References
- G Stoneburner, A Goguen, and A Feringa, “Risk Management Guide for Information Technology Systems”, NIST Special Publication 800- 30, July 2002, Available: http://csrc.nist.gov/publi cations/nistpubs/800-30/sp800-30.pdf
- Richard Kuhn, M S Raunak and Raghu Kacker” An Analysis of Vulnerability Trends, 2008 – 2016”, Proceedings, Software Quality, Reliability and Security (QRS-C), 2017 IEEE International Conference on (pp. 587-588).
- R. Kuhn and Chris Johnson, “Vulnerability Trends: Measuring Progress”, IT Professional, 2010, pp. 51-53.
- National Vulnerability Database, http://nvd.nist.gov.
- Common Vulnerabilities and Exposures. [Online]. Available:http://cve.mitre.org
- Common Weakness Enumeration. [Online]. Available: http://cwe.mitre.org
- “NVD Common Vulnerability Scoring System Support v2”, National Vulnerability Database, Available:https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?version=3
- R. Gopalakrishna, E. Spafford and J. Vitek, “A Trend Analysis of Vulnerabilities”, CERIAS TR 2005-06, 2005.
- Tim Shimeall and Phil Williams, “Models of Information Security Trend Analysis”, Available at http://www.cert.org/archive/pdf/info-security.pdf.
- Tripathi, A. Singh, U.K., “ Analyzing Trends in Vulnerability Classes across CVSS Metrics”, International Journal of Computer Applications (0975 – 8887) Volume 36– No.3, December 2011.
Index Terms
Keywords