Analys av sårbarheter från national vulnerability databas / Analysis of vulnerabilities from national vulnerability database

Blomberg, Dennis

January 2020

Today, digital development is happening at such a high rate that security is not as prioritized as it should be. When security is prioritized away, there is a high risk that vulnerabilities arise that malicious actors would like to exploit. It can be for accessing sensitive information, financial gain or simply bringing harm. In order for IT-security personnel to be able to more easily prevent and focus efforts on the vulnerabilities that are current today, this study aims to answer the following question: What is the trend of the most prevalent vulnerabilities? What is the trend of product owners with the most vulnerabilities? What is the trend based on the severity linked to the vulnerabilities? What is the trend of the impact on confidentiality, integrity, and accessibility? To answer the questions, a quantitative data analysis was done on the database from the National Vulnerability Database (NVD) together with the dataset from the Common Weakness Enumeration (CWE). The data set from CWE has been used to name and classify the vulnerabilities in NVD. Trends that have been identified in the analysis are as follows: injection, insufficient data authentication and uncontrolled resource consumption are vulnerabilities that have increased percentage every year since 2016. The impact of availability on the reported vulnerabilities declines as a percentage over the years. Vulnerabilities with a high impact on integrity, accessibility and confidentiality has decreased as a percentage.

trend analysis

vulnerability trends

Engineering and Technology

Teknik och teknologier