Vulnerability database analysis for 10 years for ensuring security of cyber critical green infrastructures

Checking the vulnerability and vulnerability history of green economy friendly critical infrastructures such as hydroelectric, wind, or solar power control systems is essential part of keeping the security intact. Vulnerability reports are one of the most important security tools for security experts to check vulnerabilities. In this paper over 40,000 vulnerability reports from SecurityFocus's vulnerability database BugTraq are studied and the reports are analyzed accordingly to understand the type of vulnerability contributors, the motivation of the contributors, the trend of most common vulnerability types, and the amount of vulnerability reports over the years. It is shown that most of the vulnerabilities are reported by open source vendors and security organizations. Vulnerability reports are also shown to be decreasing since 2006 and more than 70% of the reported vulnerabilities are contributed by less than 10% of the members. It is also observed that remote code, cross-site, and denial of service vulnerabilities have become dominant vulnerability types reported recently. This research can be used by security system designers and planners to better understand the historical perspective of vulnerabilities. It enables better understanding of vulnerabilities ensuring improved robustness against vulnerabilities. Future work is suggested to extend the analysis to other equally popular vulnerability reporting databases and also add more security measurement parameters.