1999-2018年安全漏洞数据集

A dataset of vulnerability during 1999–2018

安全漏洞(Vulnerability)是信息系统在设计、实现或部署等过程中产生的缺陷。这些缺陷一旦被恶意主体所利用和进行攻击,就会对信息系统的安全造成损害,进而对用户、社会以及国家等造成重大损失。本研究通过程序自动化和人工采集结合的方法采集国内外知名漏洞平台1999–2018年间的安全漏洞数据,对采集的近20年的漏洞数据进行切片和格式化操作,保证数据可读性和一致性,从而构建完备的安全漏洞数据集。根据漏洞数据所属漏洞平台,将本数据集划分为来源不同的数据集。基于漏洞数据属性,统计各个数据集中的漏洞总条目数,统计数据集中含有通用漏洞纰漏(CVE)标识的漏洞条目数以及不同漏洞类型对应的漏洞条目数。本数据集在科学研究、安全预警和安全事件处理方面发挥着重要的作用。研究人员可以使用本数据集进行相应的安全科学研究;软件开发者通过查询本数据集,能够及时发现自身软件存在的漏洞。

Vulnerability is a defect in the design,implementation,or deployment of information systems.Once these defects are exploited or attacked by malicious entities,they will cause damage to the security of the information system,resulting in heavy losses to users,society,and the state.This study collects the data of vulnerability of popular vulnerability platforms from 1999 to 2018 through the combination of program automation and manual acquisition.The collection of nearly 20 years of data of vulnerability is sliced and formatted to ensure data readability and consistency,thus building a complete dataset of vulnerability.According to the vulnerability platform to which the vulnerability data belongs,the dataset is divided into several parts with different sources.Based on the vulnerability data attribute,the total number of entries in the dataset containing the vulnerability is counted,including the number of vulnerability entries identified by the CVE and the number of vulnerability entries corresponding to different vulnerability types.The dataset plays an essential role in scientific research,security early warning,and security incident handling.Researchers can use this dataset to conduct corresponding security research;software developers can find out the vulnerabilities in their software by querying this dataset.