Some Analysis of Common Vulnerabilities and Exposures (CVE) Data from the National Vulnerability Database (NVD)

UNCW Author/Contributor (non-UNCW co-authors, if there are any, appear on document)
Andrew Kyle Threatt (Creator)
Institution
The University of North Carolina Wilmington (UNCW )
Web Site: http://library.uncw.edu/

Abstract: Vulnerability trends can be very useful for informing the cyber risk management process. The objective of this paper is to analyze trends in Common Vulnerabilities and Exposures (CVE) data feeds from 2003 to 2021 using Common Vulnerability Scoring System (CVSS) version 2.0 scores. Data for 147,547 CVEs through June 2021 were downloaded from the National Vulnerability Database (NVD), parsed via Python-based text mining, and analyzed to identify various trends. Findings include a sharp increase in vulnerability integration, a slight decline in average base score of vulnerabilities over time, and the prevalence of exploits surrounding the Android operating system and man-in-the-middle attacks. This information may aid security measurement and management by helping information technology and security professionals form a security strategy based upon conclusions drawn from the analysis.

Additional Information

Publication
Jillian Glyder, Andrew Kyle Threatt, Randy Franks, Lance Adams, Geoff Stoker
Language: English
Date: 2021
Keywords
CVE, NVD, vulnerability

Email this document to