A dataset of vulnerability during 1999–2018

Vulnerability is a defect in the design, implementation, or deployment of information systems. Once these defects are exploited and attacked by malicious entities, they will cause damage to the security of the information system, causing heavy losses to users, society, and the state. This study collects the data of vulnerability of popular vulnerability platforms from 1999 to 2018 through the combination of program automation and manual acquisition. The collection of nearly 20 years of data of vulnerability is sliced and formatted to ensure data readability and consistency, thus building a complete dataset of vulnerability. According to the vulnerability platform to which the vulnerability data belongs, the data set is divided into data sets with different sources. Based on the vulnerability data attribute, the total number of entries in the data set containing the vulnerability is counted, including the number of vulnerability entries identified by the CVE and the number of vulnerability entries corresponding to different vulnerability types. The dataset plays an essential role in scientific research, security early warning, and security incident handling. Researchers can use this dataset to conduct corresponding security research; software developers can find out the vulnerabilities of their software by querying this dataset.

脆弱性乃信息系统在设计、实施或部署过程中的缺陷。此类缺陷一旦被恶意实体所利用和攻击，将严重损害信息系统的安全性，给用户、社会乃至国家带来巨大损失。本研究通过程序自动化与人工获取相结合的方式，收集了1999年至2018年间流行脆弱性平台上的脆弱性数据。对近20年的脆弱性数据进行切片和格式化处理，以确保数据的可读性和一致性，从而构建了完整的脆弱性数据集。根据脆弱性数据所属的脆弱性平台，数据集被划分为不同来源的数据集。基于脆弱性数据属性，统计了数据集中包含的脆弱性条目总数，包括由CVE识别的脆弱性条目数量以及对应不同脆弱性类型的脆弱性条目数量。该数据集在科学研究、安全预警和安全事件处理中发挥着至关重要的作用。研究人员可以利用此数据集进行相应的安全研究；软件开发者可以通过查询此数据集发现其软件中的脆弱性。