DefinePK

Abstract

Software vulnerabilities are among some critical issues in system information security. Security defects in software cost millions of dollars to firms in terms of downtime, disruptions, and confidentiality breaches. There is a need for timely exposure and exclusion of vulnerabilities to improve computer systems' security and avoid the victims from exploiting various vulnerabilities. As technology has progressed, there have been many different ways to find zero-day flaws in software systems. Still, most of these techniques are suggested for detecting one or a limited number of vulnerability classes. We used data mining and machine learning techniques to address the scenario in this research work. The mining of trends and vulnerabilities patterns is useful. They can help software vendors prepare solutions before time for vulnerabilities that may occur in a software application. To predict future recurring vulnerabilities in OSS (Open Source Software) applications, we tried to investigate the use of historical patterns of vulnerabilities. We examined the software vulnerabilities taken from CWE (Common Weakness Enumeration) identifier/organization, CVE (Common Vulnerability Exposure) and NVD (National Vulnerability Database) in the duration from 2006-2016. Our findings revealed that the DOS (Denial of Services), 'code execution', 'overflow', 'memory corruption' and 'bypass something' are some critical vulnerabilities faced to OSS applications.
Keywords
Software Vulnerabilities  Vulnerability Prediction Vulnerability Trends Open Source Software