Published: June 24, 2021
Citation: IEEE Security & Privacy vol. 19, no. 6, (November-December 2021) pp. 74-82
Author(s)
Assane Gueye (CMU Africa), Carlos Cardoso Galhardo (Inmetro), Irena Bojanova (NIST), Peter Mell (NIST)
The Common Weakness Enumeration (CWE) community publishes an aggregate metric to calculate the "Most Dangerous Software Errors." However, the used equation highly biases frequency and almost ignores exploitability and impact. We provide a metric to mitigate this bias and discuss the most significant software weaknesses over the last ten years.
Keywords
security; software errors; weaknesses; metrics
Control Families
None selected