CVE Lifecycle Analysis Research Hub¶
Analyzing CVE Lifecycle and Relationships with Exploits, Patches, CWEs, and CPEs: A Focus on Major Commercial Vendors and Open-source Vulnerabilities
Eid ALBADDAH
City St George's, University of London
Department of Computer Science
Research Overview¶
In today's interconnected world, the security of information systems is of paramount importance. This research analyzes security vulnerabilities from all aspects as well as the lifecycle of Common Vulnerabilities and Exposures (CVEs) and their relationships with exploits, weaknesses (CWEs), and affected products (CPEs).
Key Research Areas¶
-
Vulnerability Lifecycle
Understanding the dynamics between discovery, exploitation, and patching of security vulnerabilities
-
Temporal Analysis
Examining trends and patterns in the race between exploits and patches across different vendors
-
Multi-vendor Focus
Deep analysis of Microsoft, RedHat and Cisco vulnerabilities in addition to open-source with comprehensive patch and exploit correlation
-
Predictive Modeling
Machine learning approaches for exploit prediction and patch prioritization
Latest Updates¶
Recent Progress
- Data Integration: Successfully integrated MoreFixes and GitHub Advisory databases
- Enhanced Analysis: Multi-vendor comparison framework completed
- Conference Preparation: Working on papers for submission to cybersecurity conferences (EDCC)
- Thesis Development: Exploring advanced lifecycle modeling approaches
Research Impact¶
"By leveraging a comprehensive dataset from multiple sources including CVE V5, ExploitDB, Microsoft's MSRC API, GitHub Advisories, and MoreFixes, this research extends the foundational work of Stefan Frei's 2009 'Security Econometrics' to provide valuable insights into the modern security ecosystem."
Quick Navigation¶
-
Latest findings and multi-vendor comparisons
-
Reproduced figures and tables with updated data
-
Ongoing exploration and brainstorming
-
Conference papers and publication pipeline
Dataset Statistics¶
| Component | Records | Sources | Last Updated |
|---|---|---|---|
| CVEs | 280K+ | NVD, MITRE | 2025-05-13 |
| Exploits | 50K+ | ExploitDB | 2025-05-13 |
| Patches | 75K+ | MSRC, RedHat, Cisco | 2025-05-13 |
| GitHub Advisories | 280K+ | GitHub Security | 2025-05-13 |
| MoreFixes | 150K+ | Academic Research | 2024-09-24 |
Documentation last updated: 2 Aug 2025