Cryptographic Keywords in NVD: Statistics and Visualization
Martin Stanek
TL;DR
The paper introduces a keyword-based approach to analyzing cryptographic vulnerabilities in the NVD, aiming to supplement CWE classifications. It analyzes CVEs from 2023-01-01 to 2024-09-30 by matching cryptographic keywords in descriptions and reports that 3,914 CVEs (6.8%) contain at least one keyword, with a higher average severity ($7.18$) than the overall dataset ($7.1$). The study provides keyword statistics, identifies dominant terms such as 'password' and 'encrypt', and visualizes CWE-keyword relationships via heatmaps and a CVSS-based correlation view for CWE–keyword pairs. The findings suggest that keyword analysis offers complementary insights beyond traditional CWE tagging and can be enhanced with NLP techniques for deeper vulnerability understanding.
Abstract
A preliminary attempt to use cryptographic keywords and analyze vulnerabilities published in the National Vulnerability Database is presented. Basic statistics and visualizations are included.
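The keyword-matching statistics summarized above, as an added example that is not the paper's own code. Assumptions: only 'password' and 'encrypt' come from the page, the other keyword stems, the prefix-style matching rule, and the record fields (`id`, `cwe`, `cvss`, `desc`) are hypothetical, and the sample records are constructed, not real CVEs.

```python
import re
from collections import Counter, defaultdict

# Assumed stems: only 'password' and 'encrypt' are named on the page.
# Stems match word prefixes ("encrypted"); an optional "un" covers "unencrypted".
KEYWORDS = ["password", "encrypt", "decrypt", "certificate", "signature", "tls"]
PATTERN = re.compile(r"\b(?:un)?(" + "|".join(KEYWORDS) + r")\w*", re.IGNORECASE)

# Constructed records shaped like simplified NVD entries (not real CVEs).
SAMPLE = [
    {"id": "CVE-0000-0001", "cwe": "CWE-798", "cvss": 9.8,
     "desc": "Hard-coded password allows remote attackers to log in."},
    {"id": "CVE-0000-0002", "cwe": "CWE-79", "cvss": 6.1,
     "desc": "Reflected XSS in the search parameter."},
    {"id": "CVE-0000-0003", "cwe": "CWE-327", "cvss": 7.5,
     "desc": "Backups use weak encryption; passwords are stored unencrypted."},
    {"id": "CVE-0000-0004", "cwe": "CWE-295", "cvss": 7.4,
     "desc": "The client does not validate the TLS certificate of the server."},
    {"id": "CVE-0000-0005", "cwe": "CWE-89", "cvss": None,  # not yet scored
     "desc": "SQL injection in the login form."},
]

def keywords_in(desc):
    """Return the set of keyword stems found in one description."""
    return {m.group(1).lower() for m in PATTERN.finditer(desc)}

def mean_cvss(records):
    """Mean base score, skipping records that have no score yet."""
    scores = [r["cvss"] for r in records if r["cvss"] is not None]
    return round(sum(scores) / len(scores), 2) if scores else None

def analyze(records):
    per_keyword = Counter()      # number of CVEs mentioning each keyword
    pairs = defaultdict(list)    # (CWE, keyword) -> scores, one heatmap cell each
    matched = []
    for r in records:
        found = keywords_in(r["desc"])
        if found:
            matched.append(r)
            per_keyword.update(found)
        if r["cvss"] is not None:
            for kw in found:
                pairs[(r["cwe"], kw)].append(r["cvss"])
    return {
        "share": len(matched) / len(records),
        "mean_all": mean_cvss(records), "mean_matched": mean_cvss(matched),
        "per_keyword": per_keyword,
        "pair_mean": {k: round(sum(v) / len(v), 2) for k, v in pairs.items()},
    }
```

Each key of `pair_mean` corresponds to one cell of a CWE-keyword heatmap; each keyword is counted once per CVE, however often it appears in the description.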
