Toward a Multidimensional Analysis of the National Vulnerability Database

Bring-your-own-device policies, Internet of Things (IoT) devices, and smart appliances are all contributing to the increasing diversity of connected devices. It has become imperative to understand the vulnerabilities of these diverse devices (along with traditional compute devices) to appropriately secure their use. In this paper, we conduct a detailed analysis of the vulnerabilities reported for the various hardware and software artifacts in the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). We analyze the details of vulnerabilities covering the period 2011-2022. We broadly categorize the vulnerabilities into three product categories: networking, IoT, and computing devices. The data is further classified into application, Operating System (OS), and hardware domains.We analyze the data across the aforementioned categories over four non-overlapping 3-year time periods. The analysis provides insights into salient trends in vulnerabilities across diverse products, and over time. Our work presents interesting findings based on the trends and persistence observed from the analyzed data. Our study points to insights that could lead to improved resource allocation for addressing security concerns.