Open Vulnerability Bases and their Application in Security Analysis Systems of Computer Networks
Keywords:
Information Security, Vulnerabilities, Vulnerability Databases, Tendencies of Vulnerabilities Detection, Security Analysis, Computer Attacks, Hardware and Software
Abstract
Purpose: The number of disclosed vulnerabilities in popular software and hardware remains high from year to year. At the same
time, the lack of coordination between the companies and communities that detect and classify vulnerabilities reduces the efficiency with which
vulnerability databases can be applied in security analysis systems. The goal of the study is to analyze open vulnerability databases and
assess their possible application in computer network security analysis systems, including the acquisition of statistical data
and the identification of the main trends in vulnerability detection. Results: Several open vulnerability databases (namely, CVE, NVD, X-Force
and OSVDB) were analyzed and compared, as well as software/hardware dictionaries (like CPE) and vulnerability metrics (like CVSS).
Statistical data were collected on disclosed vulnerabilities in popular operating systems and web browsers, showing the distribution of
vulnerable products of the major software makers for the last 10 years. For the most popular products (from Microsoft, Google, Oracle,
Apple, etc.), the general tendencies in detecting, publishing and patching vulnerabilities were displayed and discussed. Practical
relevance: The analysis of vulnerability representation formats in open databases enables us to pick out the most significant attributes.
This can help develop an approach to the integration of these databases, increasing the efficiency of their usage in security analysis
systems for computer systems and networks.