This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Vulnerability Trends: Measuring Progress
July/August 2010 (vol. 12 no. 4)
pp. 51-53
Rick Kuhn, US National Institute of Standards and Technology
Chris Johnson, US National Institute of Standards and Technology

What is the state of security engineering today? Are we, as an industry, making progress? What are the prospects for the future? An analysis of data from the National Vulnerability Database-which provides fine-grained search capabilities of all publicly reported software vulnerabilities since 1997-helps answer these questions.

1. R. Kuhn, H. Rossman, and S. Liu, "Introducing 'Insecure IT,'" IT Professional, Jan./Feb. 2009, pp. 24–26.
2. P. Mell, K. Scarfone, and S. Romansky, "A Complete Guide to the Common Vulnerability Scoring System Version 2.0," Forum of Incident Response and Security Teams, June 2007; www.first.org/cvsscvss-guide.html.
3. "Web Server Survey," Netcraft, Apr. 2010; http://news.netcraft.com/archives/2010/04/ 15april_2010_web_server_survey.html.
4. "Number of Interactions Involved in Software Failures—Empirical Data," Nat'l Inst. Standards and Technology, 2010; http://csrc.nist.gov/groups/SNS/actsftfi.html .

Index Terms:
Information technology, security & privacy, software vulnerabilities
Citation:
Rick Kuhn, Chris Johnson, "Vulnerability Trends: Measuring Progress," IT Professional, vol. 12, no. 4, pp. 51-53, July-Aug. 2010, doi:10.1109/MITP.2010.116
Usage of this product signifies your acceptance of the Terms of Use.