Security News > 2020 > May > Software vulnerabilities sometimes first announced on social media

Software vulnerabilities sometimes first announced on social media
2020-05-07 04:00

Software vulnerabilities are more likely to be discussed on social media before they're revealed on a government reporting site, a practice that could pose a national security threat, according to computer scientists at the U.S. Department of Energy's Pacific Northwest National Laboratory.

At the same time, those vulnerabilities present a cybersecurity opportunity for governments to more closely monitor social media discussions about software gaps, the researchers assert.

"Some of these software vulnerabilities have been targeted and exploited by adversaries of the United States. We wanted to see how discussions around these vulnerabilities evolved," said lead author Svitlana Volkova, senior research scientist in the Data Sciences and Analytics Group at PNNL. "Social cybersecurity is a huge threat. Being able to measure how different types of vulnerabilities spread across platforms is really needed."

Their research showed that a quarter of social media discussions about software vulnerabilities from 2015 through 2017 appeared on social media sites before landing in the National Vulnerability Database, the official U.S. repository for such information.

The National Vulnerability Database, which curates and publicly releases vulnerabilities known as Common Vulnerabilities and Exposures "Is drastically growing," the study says, "And includes more than 100,000 known vulnerabilities to date."


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/GeeSP-PwN7A/