Software vulnerabilities are on the rise, as revealed by various databases such as the National Vulnerability Database (NVD) and the Open Source Vulnerability Database (OSVDB). A study from Carnegie Mellon University (2004) found that each vulnerability announcement led to an average stock price drop of 0.6%, costing vendors significantly. The majority of vulnerabilities stem from poor programming practices, with 64% attributed to programming errors. Prominent issues include buffer overflows and cross-site scripting, highlighting the urgent need for improved software security measures.
Security vulnerabilities are clearly rising
• NVD = National Vulnerability Database
• CERT = US-CERT database
• OSVDB = Open Source Vulnerability Database
Published vulnerabilities cost a vendor real money
• A study based on real vulnerability announcements in 1999-2004 revealed an average drop of the concerned vendor's stock price of 0.6% after each vulnerability announcement
• Telang / Wattal, Carnegie Mellon University, 2004: "Impact of Software Vulnerability Announcements on the Market Value of Software Vendors – an Empirical Investigation"
• ... not to mention the damage to the vendor's reputation
Most vulnerabilities caused by careless programming
• 64% of the vulnerabilities in ICAT (now: NVD) in 2004 are due to programming errors
• 51% of those due to classic errors like buffer overflows, cross-site scripting, injection flaws
• Heffley / Meunier (2004): Can Source Code Auditing Software Identify Common Vulnerabilities and Be Used to Evaluate Software Security?
• Cross-site scripting, SQL injection at top of the statistics (CVE, Bugtraq) in 2006
• "We wouldn't need so much network security if we didn't have such bad software security" (Bruce Schneier)
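The slides name injection flaws among the "classic errors" behind most vulnerabilities. As an added illustration that is not part of the original deck, the following Python snippet puts the careless version of a database lookup next to its fixed version. It uses an in-memory SQLite table with a constructed schema (`users(name, role)`) and constructed sample rows; the root defect is that string concatenation lets characters in the input become part of the SQL text, which is exactly what a parameterised query prevents.

```python
"""Added example (not from the slides): an injection flaw beside its fix."""
import sqlite3

# Constructed sample data, including a legitimate name containing a quote.
SAMPLE_USERS = [("alice", "admin"), ("bob", "user"), ("o'brien", "user")]


def make_db() -> sqlite3.Connection:
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """Careless version: untrusted input is pasted into the SQL text,
    so any quote character in `name` changes the structure of the query."""
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """Fixed version: the value is bound as a parameter and is treated as
    data by the database driver, whatever characters it contains."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def compare(name: str) -> tuple:
    """Run both versions on the same input and return (unsafe, safe).

    The unsafe result is either the row list or a string naming the
    exception raised, so a unit test can check the difference directly."""
    conn = make_db()
    try:
        try:
            unsafe = lookup_unsafe(conn, name)
        except sqlite3.Error as exc:
            unsafe = "error: " + type(exc).__name__
        return unsafe, lookup_safe(conn, name)
    finally:
        conn.close()


if __name__ == "__main__":
    # A plain name behaves identically in both versions.
    print(compare("bob"))
    # A name with an apostrophe terminates the string literal early in the
    # unsafe version: the database sees a syntax error instead of a lookup.
    # The safe version simply finds the matching row.
    print(compare("o'brien"))
```

The syntax error is the mild symptom; the same mechanism is what lets a crafted value alter the query's meaning, which is why the parameterised form is the one to keep.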