A Decade of Reoccurring Software Weaknesses.


Journal

IEEE security & privacy
ISSN: 1540-7993
Abbreviated title: IEEE Secur Priv
Country: United States
NLM ID: 101212343

Publication information

Publication date:
2021
History:
entrez: 20 3 2023
pubmed: 1 1 2021
medline: 1 1 2021
Status: ppublish

Abstract

The Common Weakness Enumeration (CWE) community publishes an aggregate metric to calculate the 'Most Dangerous Software Errors.' However, the used equation highly biases frequency over exploitability and impact. We provide a metric to mitigate this bias and discuss the most significant software weaknesses over the last ten years.

Identifiers

pubmed: 36936247
doi: 10.1109/msec.2021.3082757
pmc: PMC10021008
mid: NIHMS1873177

Publication types

Journal Article

Languages

eng

Grants

Agency: Intramural NIST DOC
ID: 9999-NIST
Country: United States

Authors

Assane Gueye (A)

Carnegie Mellon University Africa.

Carlos E C Galhardo (CEC)

National Institute of Metrology, Quality, and Technology.

Irena Bojanova (I)

National Institute of Standards and Technology.

Peter Mell (P)

National Institute of Standards and Technology.
