WebApp Sec mailing list archives

RE: Vulnerability statistics


From: "Michael Howard" <mikehow () microsoft com>
Date: Fri, 7 Jan 2005 11:18:41 -0800

I wrote some code to pull down the CVE XML file from cve.mitre.com and
parse the results looking for keywords. This is NOT scientific, but
here are my results:

Getting stats for 2004
TotalCount          1339
isReserved           204
isRejected            15
isUnknown             50

isBO                 296
isFormatString        33
isIntOverflow         53
isSQLinjection        30
isXSS                 73
isInjection           60
isTooMuchTrust       119
isSymlink             49
isRace                 8
isWeakPermission      13

I have yet to analyze the other bugs not in the list above - some of the
bug texts are very vague...

[Writing Secure Code] http://www.microsoft.com/mspress/books/5957.asp
[Protect Your PC] http://www.microsoft.com/protect
[Blog] http://blogs.msdn.com/michael_howard

[On-line Security Training]
http://mste/training/offerings.asp?TrainingID=53074
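The kind of keyword triage described in the message above, as an added example that is not Michael Howard's script and not part of the original post. It assumes a document shaped like MITRE's download format of the time (a `<cve>` root with `<item name=... seq=...>` elements carrying `<status>` and `<desc>` children), a hand-picked regex per label, and an embedded, constructed sample instead of the real multi-megabyte download; all of those are assumptions. It keeps the same caveat the post makes: one entry can match several labels, and entries whose text matches no rule are simply counted as unclassified.

```python
"""Keyword-based triage of CVE XML entries (added example, assumed format).

Assumptions: the XML looks like <cve><item name="CVE-2004-0001" seq="2004-0001">
<status/><desc/></item></cve>, and the label regexes below are a guess at
what one would grep for; neither comes from the original post.
"""
import re
import xml.etree.ElementTree as ET
from collections import Counter
from io import BytesIO

# Constructed sample modelled on the assumed format; the descriptions are
# invented and do not correspond to real CVE entries.
SAMPLE_XML = b"""<?xml version="1.0"?>
<cve>
  <item name="CVE-2004-0001" seq="2004-0001" type="CVE">
    <status>Entry</status>
    <desc>Buffer overflow in foo allows remote attackers to execute arbitrary code via a long argument.</desc>
  </item>
  <item name="CVE-2004-0002" seq="2004-0002" type="CAN">
    <status>Candidate</status>
    <desc>Format string vulnerability in bar allows attackers to execute code via format specifiers.</desc>
  </item>
  <item name="CVE-2004-0003" seq="2004-0003" type="CAN">
    <status>Candidate</status>
    <desc>** RESERVED ** This candidate has been reserved by an organization or individual.</desc>
  </item>
  <item name="CVE-2004-0004" seq="2004-0004" type="CAN">
    <status>Candidate</status>
    <desc>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER.</desc>
  </item>
  <item name="CVE-2004-0005" seq="2004-0005" type="CAN">
    <status>Candidate</status>
    <desc>Cross-site scripting (XSS) vulnerability in baz allows remote attackers to inject arbitrary web script.</desc>
  </item>
  <item name="CVE-2004-0006" seq="2004-0006" type="CAN">
    <status>Candidate</status>
    <desc>Integer overflow in qux leads to a heap-based buffer overflow via a crafted length field.</desc>
  </item>
  <item name="CVE-2004-0007" seq="2004-0007" type="CAN">
    <status>Candidate</status>
    <desc>Unknown vulnerability in quux has unknown impact and attack vectors.</desc>
  </item>
  <item name="CVE-2004-0008" seq="2004-0008" type="CAN">
    <status>Candidate</status>
    <desc>Directory traversal vulnerability in corge allows remote attackers to read arbitrary files via .. sequences.</desc>
  </item>
  <item name="CVE-2003-0999" seq="2003-0999" type="CVE">
    <status>Entry</status>
    <desc>Buffer overflow in an older product; outside the 2004 window and must be skipped.</desc>
  </item>
</cve>
"""

# Label -> regex over the description text. These are assumed keyword rules,
# not the ones used in the post. Matching is case-insensitive and one entry
# may hit several labels (CVE-2004-0006 above is both isIntOverflow and isBO).
RULES = {
    "isReserved": r"\*\* RESERVED \*\*",
    "isRejected": r"\*\* REJECT \*\*",
    "isUnknown": r"\bunknown vulnerability\b",
    "isBO": r"\bbuffer overflow\b|\bbuffer overrun\b|\bstack overflow\b",
    "isFormatString": r"\bformat string\b",
    "isIntOverflow": r"\binteger (?:overflow|underflow|signedness)\b",
    "isSQLinjection": r"\bsql injection\b",
    "isXSS": r"\bcross-site scripting\b|\bXSS\b",
    "isInjection": r"\b(?:command|shell|code|script|ldap|xpath) injection\b",
    "isSymlink": r"\bsymlink\b|\bsymbolic link\b",
    "isRace": r"\brace condition\b|\bTOCTOU\b",
    "isWeakPermission": r"\b(?:weak|insecure|world[- ]writable) (?:default )?permissions?\b",
}
COMPILED = {label: re.compile(pat, re.IGNORECASE) for label, pat in RULES.items()}


def classify(desc):
    """Return the set of labels whose keyword regex matches the description."""
    return {label for label, rx in COMPILED.items() if rx.search(desc)}


def iter_items(stream, year):
    """Stream (name, desc) for <item> elements whose seq starts with the year.

    iterparse plus elem.clear() keeps memory flat on a large download instead
    of building the whole tree first.
    """
    for _event, elem in ET.iterparse(stream, events=("end",)):
        if elem.tag == "item":
            if elem.get("seq", "").startswith(f"{year}-"):
                yield elem.get("name"), elem.findtext("desc") or ""
            elem.clear()


def count_by_keyword(stream, year):
    """Tally TotalCount, one count per matched label, and 'unclassified' for
    entries that no rule matched (the vague ones the post mentions)."""
    counts = Counter()
    for _name, desc in iter_items(stream, year):
        counts["TotalCount"] += 1
        labels = classify(desc)
        if not labels:
            counts["unclassified"] += 1
        counts.update(labels)
    return counts


if __name__ == "__main__":
    stats = count_by_keyword(BytesIO(SAMPLE_XML), 2004)
    print("Getting stats for 2004")
    for label, n in sorted(stats.items()):
        print(f"{label:<20}{n}")
```

Pointing `count_by_keyword` at the real download instead of `SAMPLE_XML` is a matter of passing an open file; the number worth watching is `unclassified`, since a large value there means the regexes, not the data, are driving the percentages.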


-----Original Message-----
From: Benjamin Livshits [mailto:livshits () cs stanford edu] 
Sent: Thursday, January 06, 2005 1:56 PM
To: webappsec () securityfocus com
Subject: Vulnerability statistics

Looking at the OWASP's top ten list, are there any recent studies as to
what fraction of vulnerabilities accounts for each of the top ten
categories?

What about the percentage of vulnerabilities caused by coding errors vs
configuration flaws?

Thanks,
-Ben

