Measuring the Exploitation of Weaknesses in the Wild
P. Mell, Irena Bojanova, C. Galhardo
Published 2024 in IT Professional
ABSTRACT
Identifying the software weaknesses exploited by attacks helps reduce the introduction of vulnerabilities by developers and guides security code review efforts. A weakness is a bug or fault type that can be exploited through an operation that results in a security-relevant error. Ideally, the security community would measure the prevalence of the software weaknesses used in actual exploitation. This work advances that goal by introducing a simple metric that uses public data feeds to determine the probability of a weakness being exploited in the wild in any 30-day window. The metric is evaluated on a set of 130 weaknesses that were commonly found in vulnerabilities between April 2021 and March 2024. Our analysis reveals that 92% of the weaknesses are not being constantly exploited.
PUBLICATION RECORD
- Publication year: 2024
- Venue: IT Professional
- Publication date: 2024-05-01
- Fields of study: Computer Science
- Source metadata: Semantic Scholar