Abstract
Checking the vulnerabilities and vulnerability history of green-economy-friendly critical infrastructures such as hydroelectric, wind, or solar power control systems is an essential part of keeping their security intact. Vulnerability reports are one of the most important tools security experts have for checking vulnerabilities. In this paper, over 40,000 vulnerability reports from SecurityFocus's vulnerability database BugTraq are studied and analyzed to understand the types of vulnerability contributors, the motivation of the contributors, the trend of the most common vulnerability types, and the number of vulnerability reports over the years. It is shown that most of the vulnerabilities are reported by open source vendors and security organizations. Vulnerability reports are also shown to have been decreasing since 2006, and more than 70% of the reported vulnerabilities are contributed by less than 10% of the members. It is also observed that remote code, cross-site, and denial of service vulnerabilities have become the dominant vulnerability types reported recently. This research can be used by security system designers and planners to better understand the historical perspective of vulnerabilities. It enables a better understanding of vulnerabilities, ensuring improved robustness against vulnerabilities. Future work is suggested to extend the analysis to other equally popular vulnerability reporting databases and to add more security measurement parameters.
Original language | English |
---|---|
Title of host publication | AFRICON, 2015 |
Publisher | IEEE Institute of Electrical and Electronic Engineers |
Pages | 1-5 |
ISBN (Electronic) | 978-1-4799-7498-6, 978-1-4799-7497-9 |
Publication status | Published - 9 Nov 2015 |
MoE publication type | A4 Article in a conference publication |
Event | 12th IEEE 2015 AFRICON International Conference: Green Innovation for African Renaissance - Addis Ababa, Ethiopia; Duration: 14 Sept 2015 → 17 Sept 2015; Conference number: 12 |
Conference
Conference | 12th IEEE 2015 AFRICON International Conference |
---|---|
Country/Territory | Ethiopia |
City | Addis Ababa |
Period | 14/09/15 → 17/09/15 |
Keywords
- BugTraq
- SecurityFocus
- vulnerability database
- vulnerability analysis