Measuring the Exploitation of Weaknesses in the Wild (2405.01289v1)
Abstract: Identifying the software weaknesses exploited by attacks supports efforts to reduce the introduction of vulnerabilities by developers and to guide security code review efforts. A weakness is a bug or fault type that can be exploited through an operation that results in a security-relevant error. Ideally, the security community would measure the prevalence of the software weaknesses used in actual exploitation. This work advances that goal by introducing a simple metric that uses public data feeds to determine the probability of a weakness being exploited in the wild in any 30-day window. The metric is evaluated on a set of 130 weaknesses that were commonly found in vulnerabilities between April 2021 and March 2024. Our analysis reveals that 92% of the weaknesses are not being constantly exploited.
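The abstract describes the metric only as "the probability of a weakness being exploited in the wild for any 30-day window". The following is an added example, not code from the paper, that implements one straightforward reading of that description: for each weakness, the fraction of all 30-day windows (one starting on each day of an observation period) that contain at least one observed exploitation of a vulnerability mapped to that weakness, with "constantly exploited" taken to mean a probability of exactly 1. The sample feed, the placeholder labels v1..v6 and W-A..W-D, the observation period, and the sliding-window definition itself are all assumptions made here; the paper's actual data feeds and formula are not on this page.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample feed: (vulnerability label, weakness label, date on which
# exploitation was first observed). Labels are placeholders, not real CVE or CWE ids.
SAMPLE_RECORDS = [
    ("v1", "W-A", date(2024, 1, 15)),
    ("v2", "W-A", date(2024, 2, 10)),
    ("v3", "W-A", date(2024, 3, 5)),
    ("v4", "W-B", date(2024, 2, 14)),
    ("v5", "W-C", date(2024, 1, 3)),
    ("v6", "W-C", date(2024, 1, 20)),
]
# Assumed observation period (inclusive) and the weakness set under study. W-D has no
# observed exploitation at all and must still appear in the output with probability 0.
START, END = date(2024, 1, 1), date(2024, 3, 30)
WEAKNESSES = ["W-A", "W-B", "W-C", "W-D"]


def exploitation_probability(records, weaknesses, start, end, window_days=30):
    """Assumed metric: for each weakness, the share of window_days-long windows
    (one starting on every day from start through end-window_days+1) that contain
    at least one observed exploitation of a vulnerability mapped to that weakness."""
    last_start = end - timedelta(days=window_days - 1)
    n_windows = (last_start - start).days + 1
    if n_windows <= 0:
        raise ValueError("observation period is shorter than one window")

    dates_by_weakness = defaultdict(set)
    for _vuln, weakness, when in records:
        dates_by_weakness[weakness].add(when)

    probs = {}
    for weakness in weaknesses:
        # A window starting on day s covers [s, s+window_days-1], so it contains an
        # exploitation on day d exactly when d-window_days+1 <= s <= d. Collect the
        # distinct window starts hit by any exploitation date, clipped to the period,
        # so overlapping windows are counted once.
        hit_starts = set()
        for d in dates_by_weakness.get(weakness, ()):
            for k in range(window_days):
                s = d - timedelta(days=k)
                if start <= s <= last_start:
                    hit_starts.add(s)
        probs[weakness] = len(hit_starts) / n_windows
    return probs


def constantly_exploited(probs):
    """Weaknesses exploited in every window of the period (probability exactly 1)."""
    return sorted(w for w, p in probs.items() if p == 1.0)


def share_not_constantly_exploited(probs):
    """Fraction of the studied weaknesses with at least one exploitation-free window,
    i.e. the kind of figure the abstract reports as 92% for its 130 weaknesses."""
    return 1 - len(constantly_exploited(probs)) / len(probs)


if __name__ == "__main__":
    probs = exploitation_probability(SAMPLE_RECORDS, WEAKNESSES, START, END)
    for weakness in WEAKNESSES:
        print(f"{weakness}: {probs[weakness]:.3f}")
    print("constantly exploited:", constantly_exploited(probs))
    print(f"not constantly exploited: {share_not_constantly_exploited(probs):.0%}")
```

On the constructed feed, W-A is hit in all 61 windows of the 90-day period (probability 1.0), W-B in 30 of them and W-C in 20, and W-D in none; three of the four weaknesses are therefore not constantly exploited. The clipping to the observation period matters: an exploitation on the first days of the period contributes only the few windows that actually start inside the period, so a weakness is not credited for windows the feed could not have observed.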