NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

A Decade of Reoccurring Software Weaknesses

Published

Author(s)

Assane Gueye, Carlos Galhardo, Irena Bojanova, Peter Mell

Abstract

The Common Weakness Enumeration (CWE) community publishes an aggregate metric to calculate the 'Most Dangerous Software Errors.' However, the used equation highly biases frequency and almost ignores exploitability and impact. We provide a metric to mitigate this bias and discuss the most significant software weaknesses over the last ten years.
Citation
IEEE Security & Privacy
Volume
19
Issue
6
Pub Type
Journals

Download Paper

https://doi.org/10.1109/MSEC.2021.3082757
Local Download

Keywords

security, software errors, weaknesses, metrics
Information technology and Cybersecurity and privacy

Citation

Gueye, A. , Galhardo, C. , Bojanova, I. and Mell, P. (2021), A Decade of Reoccurring Software Weaknesses, IEEE Security & Privacy, [online], https://doi.org/10.1109/MSEC.2021.3082757, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=932064 (Accessed October 5, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created June 24, 2021, Updated November 29, 2022
Was this page helpful?