We study the vulnerability reports in the Common Vulnerabilities and Exposures (CVE) database by using topic models on their description texts to find prevalent vulnerability types and new trends semi-automatically. In our study of the 39,393 unique CVEs until the end of 2009, we identify the following trends, given here in the form of a weather forecast:
PHP: declining, with occasional SQL injection.
Buffer Overflows: flattening out after decline.
Format Strings: in steep decline.
SQL Injection and XSS: remaining strong, and rising.
Cross-Site Request Forgery: a sleeping giant perhaps, stirring.
Application Servers: rising steeply.
Security Trend Analysis with CVE Topic Models – ISSRE 2010

