Open Access

Software Vulnerabilities Overview: A Descriptive Study

Mario Calín Sánchez, Juan Manuel Carrillo de Gea, José Luis Fernández-Alemán, Jesús Garcerán, Ambrosio Toval
Department of Informatics and Systems, Faculty of Computer Science, University of Murcia, Murcia 30100, Spain.

Abstract

Computer security is a matter of great interest. In the last decade there have been numerous cases of cybercrime based on the exploitation of software vulnerabilities. This has generated great social concern and raised the importance of computer security as a discipline. In this work, the most important vulnerabilities of recent years are identified, classified, and categorized individually. The classification is driven by a measure of the impact of each vulnerability that takes into account both the number of products affected by the vulnerability and its severity. In addition, the categories of vulnerabilities with the greatest presence are identified. Based on the results obtained in this study, we can understand the consequences of the most common vulnerabilities, which software products are affected, how to counteract these vulnerabilities, and what their current trend is.

Tsinghua Science and Technology
Pages 270-280
Cite this article:
Calín Sánchez M, de Gea JMC, Fernández-Alemán JL, et al. Software Vulnerabilities Overview: A Descriptive Study. Tsinghua Science and Technology, 2020, 25(2): 270-280. https://doi.org/10.26599/TST.2019.9010003