Vulnerability database analysis for 10 years for ensuring security of cyber critical green infrastructures

Leake Zegeye, Mirko Sailio

    Research output: Chapter in Book/Report/Conference proceeding; Conference article in proceedings; Scientific; peer-review

    2 Citations (Scopus)

    Abstract

    Checking the vulnerability and vulnerability history of green economy friendly critical infrastructures such as hydroelectric, wind, or solar power control systems is an essential part of keeping security intact. Vulnerability reports are one of the most important tools security experts have for checking vulnerabilities. In this paper, over 40,000 vulnerability reports from SecurityFocus's vulnerability database BugTraq are studied and analyzed to understand the types of vulnerability contributors, the motivation of the contributors, the trend of the most common vulnerability types, and the number of vulnerability reports over the years. It is shown that most of the vulnerabilities are reported by open source vendors and security organizations. Vulnerability reports are also shown to be decreasing since 2006, and more than 70% of the reported vulnerabilities are contributed by less than 10% of the members. It is also observed that remote code, cross-site, and denial of service vulnerabilities have become the dominant vulnerability types reported recently. This research can be used by security system designers and planners to better understand the historical perspective of vulnerabilities. It enables a better understanding of vulnerabilities, ensuring improved robustness against them. Future work is suggested to extend the analysis to other equally popular vulnerability reporting databases and to add more security measurement parameters.
    Original language: English
    Title of host publication: AFRICON, 2015
    Publisher: IEEE Institute of Electrical and Electronic Engineers
    Pages: 1-5
    ISBN (Electronic): 978-1-4799-7498-6, 978-1-4799-7497-9
    Publication status: Published - 9 Nov 2015
    MoE publication type: A4 Article in a conference publication
    Event: 12th IEEE 2015 AFRICON International Conference: Green Innovation for African Renaissance - Addis Ababa, Ethiopia
    Duration: 14 Sept 2015 to 17 Sept 2015
    Conference number: 12

    Conference

    Conference: 12th IEEE 2015 AFRICON International Conference
    Country/Territory: Ethiopia
    City: Addis Ababa
    Period: 14/09/15 to 17/09/15

    Keywords

    • BugTraq
    • SecurityFocus
    • vulnerability database
    • vulnerability analysis
