Statistical analysis of software design error vulnerability data

Nji, Lionel

doi:doi:10.7939/r3-h360-1h32

View

Download

Communities and Collections

Concordia University of Edmonton / Master of Information Systems Security Management (MISSM) and Master of Information Systems Assurance Management (MISAM) Project Reports (Concordia University of Edmonton)

Usage

100 views
61 downloads

Statistical analysis of software design error vulnerability data

Author(s) / Creator(s)
- Nji, Lionel
The research studied the trend followed by software design error vulnerabilities. Statistical analysis methods were used to analyze software design error vulnerability data that were collected after January 1988 and before January 2007. The source of the data was the U.S Government National Vulnerability Database (NVD). The purpose of this research was to obtain an understanding and hence attempt to explain the trend followed by designed error vulnerabilities during the above specified period.
It was found out that more that half the software vulnerability data collected and stored in the NVD between 1988 and 2006 were high severity vulnerability data. Approximately, one third of the data stored in the NVD within this period were software design error vulnerability data. The majority of the software design error vulnerabilities were of high severity. Software design error vulnerabilities generally exhibited a decreasing trend between 1998 and 2006.
Design error vulnerabilities that targeted information confidentiality, integrity and availability fluctuated in the cause of the years and generally exhibited an increasing trend from 1988 to 2006. The research also revealed that most of the software design error vulnerabilities increasingly and particularly targeted information confidentiality. A probably reason being that there has been a gradual shift in the motives behind vulnerability exploitation towards financial gain.
Finally, it was found out that most of the design error vulnerabilities were exploited remotely. This could partly be attributed to the rapid growth and the influence of the Internet. The mode of exploitation whereby a target accesses an attacker's resource was least utilized for exploiting these vulnerabilities. The variation of the remote of exploitation of the design error vulnerabilities during the course of the years was found to be inversely proportional to the local mode of exploitation.
Date created

2007-01-08
Subjects / Keywords
Type of Item

Research Material
DOI

https://doi.org/10.7939/r3-h360-1h32
License

Attribution-NonCommercial 4.0 International

Language
- English