Statistical analysis of software design error vulnerability data

  • The research studied the trend followed by software design error vulnerabilities. Statistical analysis methods were used to analyze software design error vulnerability data that were collected after January 1988 and before January 2007. The source of the data was the U.S. Government National Vulnerability Database (NVD). The purpose of this research was to obtain an understanding of, and hence attempt to explain, the trend followed by design error vulnerabilities during the above-specified period.
    It was found that more than half of the software vulnerability data collected and stored in the NVD between 1988 and 2006 were high severity vulnerability data. Approximately one third of the data stored in the NVD within this period were software design error vulnerability data. The majority of the software design error vulnerabilities were of high severity. Software design error vulnerabilities generally exhibited a decreasing trend between 1998 and 2006.
    Design error vulnerabilities that targeted information confidentiality, integrity and availability fluctuated in the course of the years and generally exhibited an increasing trend from 1988 to 2006. The research also revealed that most of the software design error vulnerabilities increasingly and particularly targeted information confidentiality. A probable reason is that there has been a gradual shift in the motives behind vulnerability exploitation towards financial gain.
    Finally, it was found that most of the design error vulnerabilities were exploited remotely. This could partly be attributed to the rapid growth and the influence of the Internet. The mode of exploitation whereby a target accesses an attacker's resource was least utilized for exploiting these vulnerabilities. The variation of the remote mode of exploitation of the design error vulnerabilities during the course of the years was found to be inversely proportional to the local mode of exploitation.

    Research Material
    Attribution-NonCommercial 4.0 International