Mell, P.
and Gueye, A.
(2020),
A Suite of Metrics for Calculating the Most Significant Security Relevant Software Flaw Types, COMPSAC 2020, Madrid, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=929586 (Accessed April 28, 2026)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
A Suite of Metrics for Calculating the Most Significant Security Relevant Software Flaw Types
Published
Author(s)
,
Abstract
The Common Weakness Enumeration (CWE) is a prominent list of software weakness types. This list is used by vulnerability databases to describe the underlying security flaws within analyzed vulnerabilities. This linkage opens the possibility of using the analysis of software vulnerabilities to identify the most significant weaknesses that enable those vulnerabilities. We accomplish this through creating mashup views combining CWE weakness taxonomies with vulnerability analysis data. The resulting graphs have CWEs as nodes, edges derived from multiple CWE taxonomies, and nodes adorned with vulnerability analysis information (propagated from children to parents). Using these graphs, we develop a suite of metrics to identify the most significant weakness types (using the perspectives of frequency, impact, exploitability, and overall severity).Proceedings Title
COMPSAC 2020
Conference Dates
July 13-17, 2020
Conference Location
Madrid
Conference Title
2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC)
Pub Type
Conferences
Download Paper
Keywords
Metrics, Software flaws, Vulnerabilities
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created July 12, 2020, Updated July 30, 2020