An analysis of common vulnerability and exposure (CVE) of software products in the year 2016

Abstract

This research aims to analyze the common vulnerabilities and exposures of software products that have been discovered in 2016. The dataset used comes from Common Vulnerabilities and Exposures (CVE) database which is used today as an international standard for vulnerability numbering or identification. Some of the information in this research comes from National Vulnerability Database (NVD) at the National Institute of Standards and Technology (NIST). In order to find vulnerability metrics, normalization of the dataset has been done to reduce data redundancy and properly organize the attributes of the data. The data attribute will be structured based on the Serkan Ozkan method, who is the founder of the CVE details website. This research can help organizations to make an informed decision with respect to software security. Choosing software or vendor which are known to have less security vulnerabilities can help to improve information security in the organization. In this research, it has been discovered that most of the products that have critical and high severity comes from Adobe and Google. © 2018 SERSC Australia.