High-severity vulnerabilities allow an attacker to exploit them quickly and take full control of the system. Exploiting them requires only an unsophisticated knowledge of the application, available not only to cybercriminal organizations but to anyone with computer skills.
The 2018 Application Security Research Update report from Micro Focus (Adams et al., 2018) includes a graph showing the trend in vulnerabilities during 2018.
Figure 2. Vulnerability trends in 2018. Source: Adams et al. (2018).
The ten most common application security weaknesses (CWEs) in 2017 included Buffer Overflow (CWE-119), Cross-Site Scripting (CWE-79), Information Exposure (CWE-200), Inadequate Access Control (CWE-284), and permissions and privilege weaknesses (CWE-264). Not only did the total number of reported vulnerabilities increase, but so did specific categories of them. In particular, Buffer Overflow (CWE-119) accounted for 2500 CVEs documented in the 2017 dataset, 115% more than the previous year.
In addition, despite convincing evidence to the contrary, it is still mistakenly assumed that deploying network security technologies and devices such as firewalls, security information and event management systems (SIEM, which centralize and monitor event information and infrastructure data such as logs), intrusion detection systems, access management systems and traffic encryption is sufficient to protect an organization's systems. Attackers instead look for software flaws that affect system security, and such flaws result in exploitable vulnerabilities.
Based on the above, organizations need software that is reliable and resistant to attack, that is, trustworthy software with the minimum possible number of exploitable vulnerabilities.