An Analysis of the Properties and Distributions of Vulnerability Exploits
In vulnerability management, comprehensive metrics that can be used to analyze vulnerability properties are extremely important. One such metric is the exploitation likelihood of a vulnerability, which quantifies the probability that an attacker will attempt to exploit a particular vulnerability. We propose the consideration of an additional variable in the calculation of the likelihood metric: the presence of one or more exploits. As a foundation for future research regarding the inclusion of this variable, we analyzed properties and relevant distributions of exploits from the Exploit Database, an archive of exploit scripts and proofs of concept. First, we explored the distribution of vulnerabilities by number of exploits, enumerating vulnerabilities with at least one known exploit. Next, we examined relationships between exploits, vulnerabilities, and time. We found that, in general, older vulnerabilities tend to have more exploits. We also discovered that most exploits are entered into the Exploit Database before or within a few days of when their corresponding vulnerability is published. Finally, we constructed a distribution of exploits with reference to the Common Weakness Enumeration (CWE) list, finding that the majority of exploits in the Exploit Database target the top 40 CWEs. These findings corroborate the importance of vulnerability exploits and indicate the relevance of the presence of exploits as a variable in the calculation of exploitation likelihood.
Copyright (c) 2022 Tej Mehta, Massimiliano Albanese
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.