Skip to Main Content
Security people are constantly presented with circumstances in which causation is rather unclear, and our desire to discover it is irresistible. Code-complexity measures do seem to be highest in applications that have rather a lot to do. Having massive numbers of code paths does make security hard because massive numbers of code paths means a large attack surface, but massive numbers of code paths have an even more pronounced effect on modification. This paper presents the vulnerability information in Open Source Vulnerability Database (OSVDB), US National Vulnerability Database (NVD) and it's Common Vulnerability Enumeration (CVE).