Vulnerability Trends: Measuring Progress
July/August 2010 (vol. 12 no. 4)
pp. 51-53
Rick Kuhn, US National Institute of Standards and Technology
Chris Johnson, US National Institute of Standards and Technology

What is the state of security engineering today? Are we, as an industry, making progress? What are the prospects for the future? An analysis of data from the National Vulnerability Database, which provides fine-grained search capabilities of all publicly reported software vulnerabilities since 1997, helps answer these questions.

Index Terms:
Information technology, security & privacy, software vulnerabilities
Rick Kuhn, Chris Johnson, "Vulnerability Trends: Measuring Progress," IT Professional, vol. 12, no. 4, pp. 51-53, July-Aug. 2010, doi:10.1109/MITP.2010.116