AI Chat Paper
Note: Please note that the following content is generated by AMiner AI. SciOpen does not take any responsibility related to this content.
{{lang === 'zh_CN' ? '文章概述' : 'Summary'}}
{{lang === 'en_US' ? '中' : 'Eng'}}
Chat more with AI
Powered by AMiner. Clicking this button will take you away from SciOpen.
Home Tsinghua Science and Technology Article
PDF (1.7 MB)
Cite
EndNote(RIS) BibTeX
Collect
Submit Manuscript AI Chat Paper
Show Outline
Outline
Show full outline
Hide outline
Outline
Show full outline
Hide outline
Open Access

Software Vulnerabilities Overview: A Descriptive Study

Mario Calín SánchezJuan Manuel Carrillo de Gea( )José Luis Fernández-AlemánJesús GarceránAmbrosio Toval
Department of Informatics and Systems, Faculty of Computer Science, University of Murcia, Murcia 30100, Spain.
Show Author Information

Abstract

Computer security is a matter of great interest. In the last decade there have been numerous cases of cybercrime based on the exploitation of software vulnerabilities. This fact has generated a great social concern and a greater importance of computer security as a discipline. In this work, the most important vulnerabilities of recent years are identified, classified, and categorized individually. A measure of the impact of each vulnerability is used to carry out this classification, considering the number of products affected by each vulnerability, as well as its severity. In addition, the categories of vulnerabilities that have the greatest presence are identified. Based on the results obtained in this study, we can understand the consequences of the most common vulnerabilities, which software products are affected, how to counteract these vulnerabilities, and what their current trend is.

Keywords

descriptive studysoftware securitysoftware vulnerabilitiesvulnerability databases

References

[1]
We Are Social and Hootsuite, Digital in 2017: Global overview, https://wearesocial.com/special-reports/digital-in-2017-global-overview, 2017.
[2]
S. Lichtenstein, Internet risks for companies, Comput. Secur., vol. 17, no. 2, pp. 143150, 1998.
Crossref Google Scholar
[3]
M. P. Qi, J. Chen, and Y. Chen, A secure biometrics-based authentication key exchange protocol for multi-server TMIS using ECC, Comput. Methods Programs Biomed., vol. 164, pp. 101109, 2018.
Crossref Google Scholar
[4]
M. Jouini, L. B. A. Rabai, and A. B. Aissa, Classification of security threats in information systems, Proced. Comput. Sci., vol. 32, pp. 489496, 2014.
Crossref Google Scholar
[5]
A. N. Navaz, M. A. Serhani, N. Al-Qirim, and M. Gergely, Towards an efficient and energy-aware mobile big health data architecture, Comput. Methods Programs Biomed., vol. 166, pp. 137154, 2018.
Crossref Google Scholar
[6]
Alhazmi O., Malaiya Y., and Ray I., Security vulnerabilities in software systems: A quantitative perspective, in Proc. 19th Ann. IFIP WG 11.3 Working Conf. on Data and Applications Security XIX, Storrs, CT, USA, 2005, pp. 281294.10.1007/11535706_21
Crossref
[7]
J. T. Gong and H. Y. Zhang, BugMap: A topographic map of bugs, in Proc. 9th Joint Meeting on Foundations of Software Engineering, Saint Petersburg, Russia, 2013, pp. 647650.
Crossref
[8]
J. L. Fernández-Alemán, I. C. Señor, P. Á. O. Lozoya, and A. Toval, Security and privacy in electronic health records: A systematic literature review, J. Biomed. Inform., vol. 46, no. 3, pp. 541562, 2013.
Crossref Google Scholar
[9]
Señor I. C., Fernández-Alemán J. L., and Toval A., Are personal health records safe? A review of free web-accessible personal health record privacy policies, J. Med. Internet Res., vol. 14, p. e114, 2012.10.2196/jmir.1904
Crossref Google Scholar
[10]
C. T. Li, D. H. Shih, and C. C. Wang, Cloud-assisted mutual authentication and privacy preservation protocol for telecare medical information systems, Comput. Methods Programs Biomed., vol. 157, pp. 191203, 2018.
Crossref Google Scholar
[11]
Y. H. Gu and P. Li, Design and research on vulnerability database, in Proc. 3rd Int. Conf. on Information and Computing, Wuxi, China, 2010, pp. 209212.
[12]
C. Schmidt, Technical introduction to SCAP, https://www.energy.gov/sites/prod/files/cioprod/documents/Technical_Introduction_to_SCAP_-_Charles_Schmidt.pdf, 2010.
Crossref
[13]
P. Mell, K. Scarfone, and S. Romanosky, Common vulnerability scoring system, IEEE Secur. Privacy, vol. 4, no. 6, pp. 8589, 2006.
Crossref Google Scholar
[14]
X. D. Li, X. L. Chang, J. A. Board, and K. S. Trivedi, A novel approach for software vulnerability classification, in Proc. 2017 Ann. Reliability and Maintainability Symp., Orlando, FL, USA, 2017.
Crossref
[15]
H. Venter, J. H. P. Eloff, and Y. L. Li, Standardising vulnerability categories, Comput. Secur., vol. 27, nos. 3&4, pp. 7183, 2008.
Crossref Google Scholar
[16]
O. H. Alhazmi, Y. K. Malaiya, and I. Ray, Measuring, analyzing and predicting security vulnerabilities in software systems, Comput. Secur., vol. 26, no. 3, pp. 219228, 2007.
Crossref Google Scholar
[17]
S. S. Alqahtani, E. E. Eghan, and J. Rilling, Tracing known security vulnerabilities in software repositories—A semantic web enabled modeling approach, Sci. Comput. Programming, vol. 121, pp. 153175, 2016.
Crossref Google Scholar
[18]
Z. B. Cruz, J. L. Fernández-Alemán, and A. Toval, Security in cloud computing: A mapping study, Comput. Sci. Inform. Syst., vol. 12, no. 1, pp. 161184, 2015.
Crossref Google Scholar
[19]
McAfee, McAfee labs threats report, https://www.mcafee.com/enterprise/en-us/assets/reports/rpquarterly-threats-mar-2016.pdf, 2016.
[20]
J. C. Foster, V. Osipov, N. Bhalla, N. Heinen, and D. Aitel, Buffer Overflow Attacks. Syngress Publishing, 2005.
Crossref
[21]
Nokia, Android & iOS infections rose by 400%. Windows Infections declined, https://nokiapoweruser.com/nokia-malware-report-smartphones-infections-rose-nearly-400-percent-2016/, 2016.
[22]
A. V. Uzunov, E. B. Fernandez, and K. Falkner, Assessing and improving the quality of security methodologies for distributed systems, J. Softw.: Evol. Process, vol. 30, no. 11, p. e1980, 2018.
Google Scholar
[23]
C. Manes, 2015’s MVPs-the most vulnerable players, https://techtalk.gfi.com/2015s-mvps-the-most-vulnerable-players/, 2016.
[24]
N. Metha and B. Leonard, Disclosing vulnerabilities to protect users, https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html, 2016.
[25]
W. L. Du, Chapter 4: Buffer overflow attack, Computer Security: A Hands-on Approach, Syngress Publishing, 2017.
[26]
C. Cowan, C. Pu, D. Maier, H. Hintony, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang, StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks, in Proc. 7th Conf. on USENIX Security Symp., San Antonio, TX, USA, 1998, p. 5.
[27]
Newzoo, Newzoo global mobile market report 2018—Light version, https://newzoo.com/insights/trend-reports/newzoo-global-mobile-market-report-2018-light-version/, 2018.
[28]
F. Mercaldo, A. Di Sorbo, C. A. Visaggio, A. Cimitile, and F. Martinelli, An exploratory study on the evolution of android malware quality, J. Softw.: Evol. Process, vol. 30, no. 11, p. e1978, 2018.
Google Scholar
Tsinghua Science and Technology
Volume 25 Issue 2,
April 2020
Pages 270-280
DOI: 10.26599/TST.2019.9010003
Cite this article:
Calín Sánchez M, de Gea JMC, Fernández-Alemán JL, et al. Software Vulnerabilities Overview: A Descriptive Study. Tsinghua Science and Technology, 2020, 25(2): 270-280. https://doi.org/10.26599/TST.2019.9010003

829

Views

30

Downloads

11

Crossref

N/A

Web of Science

18

Scopus

2

CSCD

Altmetrics
Received: 12 December 2018
Revised: 23 February 2019
Accepted: 11 March 2019
Published: 02 September 2019
© The author(s) 2020

The articles published in this open access journal are distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/).
Return