An analysis of common vulnerability and exposure (CVE) of software products in the year 2016

Afiq Bonandir, Salman Yussof

Research output: Contribution to journalArticle

Abstract

This research aims to analyze the common vulnerabilities and exposures of software products that have been discovered in 2016. The dataset used comes from Common Vulnerabilities and Exposures (CVE) database which is used today as an international standard for vulnerability numbering or identification. Some of the information in this research comes from National Vulnerability Database (NVD) at the National Institute of Standards and Technology (NIST). In order to find vulnerability metrics, normalization of the dataset has been done to reduce data redundancy and properly organize the attributes of the data. The data attribute will be structured based on the Serkan Ozkan method, who is the founder of the CVE details website. This research can help organizations to make an informed decision with respect to software security. Choosing software or vendor which are known to have less security vulnerabilities can help to improve information security in the organization. In this research, it has been discovered that most of the products that have critical and high severity comes from Adobe and Google.

Original languageEnglish
Pages (from-to)157-166
Number of pages10
JournalInternational Journal of Advanced Science and Technology
Volume112
DOIs
Publication statusPublished - 01 Jan 2018

Fingerprint

Security of data
Redundancy
Websites

All Science Journal Classification (ASJC) codes

  • Computer Science(all)
  • Engineering(all)
  • Energy(all)

Cite this

@article{f6bc63fa40474221a5eb08caac3d69a5,
title = "An analysis of common vulnerability and exposure (CVE) of software products in the year 2016",
abstract = "This research aims to analyze the common vulnerabilities and exposures of software products that have been discovered in 2016. The dataset used comes from Common Vulnerabilities and Exposures (CVE) database which is used today as an international standard for vulnerability numbering or identification. Some of the information in this research comes from National Vulnerability Database (NVD) at the National Institute of Standards and Technology (NIST). In order to find vulnerability metrics, normalization of the dataset has been done to reduce data redundancy and properly organize the attributes of the data. The data attribute will be structured based on the Serkan Ozkan method, who is the founder of the CVE details website. This research can help organizations to make an informed decision with respect to software security. Choosing software or vendor which are known to have less security vulnerabilities can help to improve information security in the organization. In this research, it has been discovered that most of the products that have critical and high severity comes from Adobe and Google.",
author = "Afiq Bonandir and Salman Yussof",
year = "2018",
month = "1",
day = "1",
doi = "10.14257/ijast.2018.112.15",
language = "English",
volume = "112",
pages = "157--166",
journal = "International Journal of Advanced Science and Technology",
issn = "2005-4238",
publisher = "Science and Engineering Research Support Society",

}

An analysis of common vulnerability and exposure (CVE) of software products in the year 2016. / Bonandir, Afiq; Yussof, Salman.

In: International Journal of Advanced Science and Technology, Vol. 112, 01.01.2018, p. 157-166.

Research output: Contribution to journalArticle

TY - JOUR

T1 - An analysis of common vulnerability and exposure (CVE) of software products in the year 2016

AU - Bonandir, Afiq

AU - Yussof, Salman

PY - 2018/1/1

Y1 - 2018/1/1

N2 - This research aims to analyze the common vulnerabilities and exposures of software products that have been discovered in 2016. The dataset used comes from Common Vulnerabilities and Exposures (CVE) database which is used today as an international standard for vulnerability numbering or identification. Some of the information in this research comes from National Vulnerability Database (NVD) at the National Institute of Standards and Technology (NIST). In order to find vulnerability metrics, normalization of the dataset has been done to reduce data redundancy and properly organize the attributes of the data. The data attribute will be structured based on the Serkan Ozkan method, who is the founder of the CVE details website. This research can help organizations to make an informed decision with respect to software security. Choosing software or vendor which are known to have less security vulnerabilities can help to improve information security in the organization. In this research, it has been discovered that most of the products that have critical and high severity comes from Adobe and Google.

AB - This research aims to analyze the common vulnerabilities and exposures of software products that have been discovered in 2016. The dataset used comes from Common Vulnerabilities and Exposures (CVE) database which is used today as an international standard for vulnerability numbering or identification. Some of the information in this research comes from National Vulnerability Database (NVD) at the National Institute of Standards and Technology (NIST). In order to find vulnerability metrics, normalization of the dataset has been done to reduce data redundancy and properly organize the attributes of the data. The data attribute will be structured based on the Serkan Ozkan method, who is the founder of the CVE details website. This research can help organizations to make an informed decision with respect to software security. Choosing software or vendor which are known to have less security vulnerabilities can help to improve information security in the organization. In this research, it has been discovered that most of the products that have critical and high severity comes from Adobe and Google.

UR - http://www.scopus.com/inward/record.url?scp=85045018403&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85045018403&partnerID=8YFLogxK

U2 - 10.14257/ijast.2018.112.15

DO - 10.14257/ijast.2018.112.15

M3 - Article

VL - 112

SP - 157

EP - 166

JO - International Journal of Advanced Science and Technology

JF - International Journal of Advanced Science and Technology

SN - 2005-4238

ER -