Vulnerability trends in web servers and browsers

Abstract

In previous work we have looked at trends in vulnerabilities due to ordinary programming errors [2, 3]. This analysis focuses on two of the most widely used types of software in today's internet, web browsers and web servers. In addition to reports of vulnerabilities, we were able to consider market share to infer some information about the impact of vulnerabilities. The key questions we sought to address are: (1) What is the trend in vulnerabilities for these components, and the magnitude of their impact on users? (2) Are web browsers and servers becoming more secure over time as vulnerabilities are discovered and programmers become more experienced? (3) How do trends vary by vulnerability type?