Vulnerabilities in systems represent weaknesses that can be exploited to cause significant damage, making their effective management crucial for organizational survival. As cyber threats continue to evolve, understanding and addressing these vulnerabilities is essential to protect against financial losses, operational disruptions, and reputational damage. In this paper, we conduct a 26-year CVE distribution pattern analysis of Common Vulnerabilities and Exposures (CVE), focusing on vulnerabilities from a vendor-specific perspective using Common Platform Enumeration (CPE) data. We analyze the evolution of vulnerabilities, highlighting the vendors most frequently associated with reported security issues. The findings reveal a vulnerability landscape dominated by Microsoft, Google, Apple, Oracle, and Debian, with Microsoft holding 21.1% of reported CVEs. Microsoft and Google show the highest risk profiles with many high and critical severity vulnerabilities, while Apple, Oracle, and Debian have more varied severity levels. Temporal analysis links major increases in disclosures to key product releases like Microsoft’s Windows Vista/7, Google’s Android and Chrome, and Apple’s iPhone and iPad. By mapping vulnerabilities back to their platform origins via CPE, our work enables security teams to tailor patch management and risk prioritization strategies to vendor-specific patterns.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Vendor-Specific Vulnerability Analysis: A 26-Year Study of CVE Distribution Patterns

  • Yasamin Akrami,
  • Melisa Sarıtaş,
  • Malek Malkawi,
  • Reda Alhajj

摘要

Vulnerabilities in systems represent weaknesses that can be exploited to cause significant damage, making their effective management crucial for organizational survival. As cyber threats continue to evolve, understanding and addressing these vulnerabilities is essential to protect against financial losses, operational disruptions, and reputational damage. In this paper, we conduct a 26-year CVE distribution pattern analysis of Common Vulnerabilities and Exposures (CVE), focusing on vulnerabilities from a vendor-specific perspective using Common Platform Enumeration (CPE) data. We analyze the evolution of vulnerabilities, highlighting the vendors most frequently associated with reported security issues. The findings reveal a vulnerability landscape dominated by Microsoft, Google, Apple, Oracle, and Debian, with Microsoft holding 21.1% of reported CVEs. Microsoft and Google show the highest risk profiles with many high and critical severity vulnerabilities, while Apple, Oracle, and Debian have more varied severity levels. Temporal analysis links major increases in disclosures to key product releases like Microsoft’s Windows Vista/7, Google’s Android and Chrome, and Apple’s iPhone and iPad. By mapping vulnerabilities back to their platform origins via CPE, our work enables security teams to tailor patch management and risk prioritization strategies to vendor-specific patterns.