Saved in:
Bibliographic Details
Main Authors: Mell, Peter, Bojanova, Irena, Galhardo, Carlos
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2405.01289
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866913339480735744
author Mell, Peter
Bojanova, Irena
Galhardo, Carlos
author_facet Mell, Peter
Bojanova, Irena
Galhardo, Carlos
contents Identifying the software weaknesses exploited by attacks supports efforts to reduce developer introduction of vulnerabilities and to guide security code review efforts. A weakness is a bug or fault type that can be exploited through an operation that results in a security-relevant error. Ideally, the security community would measure the prevalence of the software weaknesses used in actual exploitation. This work advances that goal by introducing a simple metric that utilizes public data feeds to determine the probability of a weakness being exploited in the wild for any 30-day window. The metric is evaluated on a set of 130 weaknesses that were commonly found in vulnerabilities between April 2021 and March 2024. Our analysis reveals that 92 % of the weaknesses are not being constantly exploited.
format Preprint
id arxiv_https___arxiv_org_abs_2405_01289
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Measuring the Exploitation of Weaknesses in the Wild
Mell, Peter
Bojanova, Irena
Galhardo, Carlos
Cryptography and Security
Identifying the software weaknesses exploited by attacks supports efforts to reduce developer introduction of vulnerabilities and to guide security code review efforts. A weakness is a bug or fault type that can be exploited through an operation that results in a security-relevant error. Ideally, the security community would measure the prevalence of the software weaknesses used in actual exploitation. This work advances that goal by introducing a simple metric that utilizes public data feeds to determine the probability of a weakness being exploited in the wild for any 30-day window. The metric is evaluated on a set of 130 weaknesses that were commonly found in vulnerabilities between April 2021 and March 2024. Our analysis reveals that 92 % of the weaknesses are not being constantly exploited.
title Measuring the Exploitation of Weaknesses in the Wild
topic Cryptography and Security
url https://arxiv.org/abs/2405.01289