Measuring the Exploitation of Weaknesses in the Wild

arXiv:2405.01289v1 Announce Type: new
Abstract: Identifying the software weaknesses exploited by attacks supports efforts to reduce developer introduction of vulnerabilities and to guide security code review efforts. A weakness is a bug or fault type that can be exploited through an operation that results in a security-relevant error. Ideally, the security community would measure the prevalence of the software weaknesses used in actual exploitation. This work advances that goal by introducing a simple metric that utilizes public data feeds to …

arxiv attacks bug can code code review community cs.cr developer error exploitation exploited guide in the wild introduction measuring relevant results review security security community software vulnerabilities weakness weaknesses