Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.
- Create BookmarkCreate Bookmark
- Create Note or TagCreate Note or Tag
- DownloadDownload
- PrintPrint
Chapter 1. Buffer Overflows: The Essentials > The Increase in Buffer Overflows
1.3. The Increase in Buffer Overflows
Contrary to popular belief, it is nearly impossible to determine if vulnerabilities are being identified and released at an increasing or decreasing rate. One factor may be that it is increasingly difficult to define and document vulnerabilities. Mitre's CVE project lapsed in categorizing vulnerabilities for over a nine-month stretch between the years 2003 and 2004. With this said, if you were to look at the sample statistics provided by Mitre on the number of vulnerabilities released, it would lead you to believe that vulnerabilities are actually decreasing. As seen by the data in Table 1.2, it appears that the number of vulnerabilities is decreasing by a couple hundred entries per year. Note that the Total Vulnerability Count is for "CVE-rated" vulnerabilities only and does not include Mitre candidates or CANs.
| 2004 | 2003 | 2002 | 2001 | |
|---|---|---|---|---|
| Vulnerability Count | 812 | 1007 | 1307 | 1506 |