Assane Gueye, Carlos Galhardo, Irena Bojanova, Peter Mell
The Common Weakness Enumeration (CWE) community publishes an aggregate metric to calculate the 'Most Dangerous Software Errors.' However, the used equation highly biases frequency and almost ignores exploitability and impact. We provide a metric to mitigate this bias and discuss the most significant software weaknesses over the last ten years.
, Galhardo, C.
, Bojanova, I.
and Mell, P.
A Decade of Reoccurring Software Weaknesses, IEEE Security & Privacy, [online], https://doi.org/10.1109/MSEC.2021.3082757, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=932064
(Accessed January 18, 2022)