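% Conference paper applying topic models to CVE description texts to find
% prevalent vulnerability types and trends (see the abstract field).
% The former edition field was dropped: it only repeated booktitle, and edition
% is meant for an edition ordinal, so styles would have printed the proceedings
% title a second time.
% NOTE(review): the url field uses plain http and its host does not look like a
% publisher-controlled domain; verify the link against the publisher's record
% and prefer a DOI if one exists. The value is kept exactly as found.
@inproceedings{neuhaus2010security,
  author    = {Neuhaus, Stephan and Zimmermann, Tom},
  title     = {Security Trend Analysis with {CVE} Topic Models},
  booktitle = {Proceedings of the 21st {IEEE} International Symposium on Software Reliability Engineering ({ISSRE})},
  publisher = {IEEE},
  year      = {2010},
  month     = nov,
  url       = {http://approjects.co.za/?big=en-us/research/publication/security-trend-analysis-with-cve-topic-models/},
  abstract  = {We study the vulnerability reports in the Common Vulnerability and Exposures (CVE) database by using topic models on their description texts to find prevalent vulnerability types and new trends semi-automatically. In our study of the 39,393 unique CVEs until the end of 2009, we identify the following trends, given here in the form of a weather forecast: PHP: declining, with occasional SQL injection. Buffer Overflows: flattening out after decline. Format Strings: in steep decline. SQL Injection and XSS: remaining strong, and rising. Cross-Site Request Forgery: a sleeping giant perhaps, stirring. Application Servers: rising steeply.},
}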