Vulnerability database analysis for 10 years for ensuring security of cyber critical green infrastructures

Leake Zegeye, Mirko Sailio

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

Abstract

Checking the vulnerability and vulnerability history of green-economy-friendly critical infrastructures such as hydroelectric, wind, or solar power control systems is an essential part of keeping the security intact. Vulnerability reports are one of the most important security tools for security experts to check vulnerabilities. In this paper, over 40,000 vulnerability reports from SecurityFocus's vulnerability database BugTraq are studied and analyzed to understand the types of vulnerability contributors, the motivation of the contributors, the trend of the most common vulnerability types, and the number of vulnerability reports over the years. It is shown that most of the vulnerabilities are reported by open source vendors and security organizations. Vulnerability reports are also shown to have been decreasing since 2006, and more than 70% of the reported vulnerabilities are contributed by less than 10% of the members. It is also observed that remote code, cross-site, and denial of service vulnerabilities have become the dominant vulnerability types reported recently. This research can be used by security system designers and planners to better understand the historical perspective of vulnerabilities. It enables better understanding of vulnerabilities, ensuring improved robustness against vulnerabilities. Future work is suggested to extend the analysis to other equally popular vulnerability reporting databases and to add more security measurement parameters.
Original language: English
Title of host publication: AFRICON, 2015
Publisher: Institute of Electrical and Electronic Engineers IEEE
Pages: 1-5
ISBN (Electronic): 978-1-4799-7498-6, 978-1-4799-7497-9
DOIs: https://doi.org/10.1109/AFRCON.2015.7332048
Publication status: Published - 9 Nov 2015
MoE publication type: A4 Article in a conference publication
Event: 12th IEEE 2015 AFRICON International Conference: Green Innovation for African Renaissance - Addis Ababa, Ethiopia
Duration: 14 Sep 2015 to 17 Sep 2015
Conference number: 12

Publication series

Name
ISSN (Electronic): 2153-0033

Conference

Conference: 12th IEEE 2015 AFRICON International Conference
Country: Ethiopia
City: Addis Ababa
Period: 14/09/15 to 17/09/15

Fingerprint

Critical infrastructures
Security systems
Power control
Solar energy
Wind power
Control systems

Keywords

  • BugTraq
  • SecurityFocus
  • vulnerability database
  • vulnerability analysis

Cite this

Zegeye, Leake ; Sailio, Mirko. / Vulnerability database analysis for 10 years for ensuring security of cyber critical green infrastructures. AFRICON, 2015. Institute of Electrical and Electronic Engineers IEEE, 2015. pp. 1-5

Zegeye, L & Sailio, M 2015, Vulnerability database analysis for 10 years for ensuring security of cyber critical green infrastructures. in AFRICON, 2015. Institute of Electrical and Electronic Engineers IEEE, pp. 1-5, 12th IEEE 2015 AFRICON International Conference, Addis Ababa, Ethiopia, 14/09/15. https://doi.org/10.1109/AFRCON.2015.7332048
