See-V-E: Visualizing Vulnerabilities

Overview

Rather than write about the latest zero-day-one-of-a-kind-this-is-the-big-one vulnerability, we thought it’d be fun to share a collection of interactive visualizations analyzing vulnerability trends in different ways.  These can help answer questions like:

  • Which year had the most vulnerabilities?
  • What’s the trend of critical vulnerabilities in the last decade?
  • What was the most common vulnerability type in a given year?

Check them out and let us know what you think!

Note: These visualizations are updated daily and built using Observable notebooks with data from the National Vulnerability Database.  Observable is a great way to build compelling visualizations that can easily be shared.

Vulnerability Counts By Year

This is a vertical bar chart of the total vulnerability counts by year. It will cycle through displaying the total vulnerability counts by year, total counts sorted ascending, and then total counts sorted descending. An “Order” drop down menu is available in the top left to pause the cycle and select a specific view.

Vulnerability Severities By Month and Year

This is a vertical stacked bar chart of the total vulnerability counts by year, broken down by severity. Multiple years or severities can be selected simply by clicking and dragging or using command + click (macOS) or ctrl + click (Windows). For example, you could select every year in the “Year” box and select “Critical” in the “Severity” box to view the trend of critical vulnerabilities over time. Finally, once a chart is displayed, you can mouseover each section to view the exact count for a given month.

Note: Initially, you will only see an error message in red. To properly display the chart, you must first select one option from each of the two multi-select menus.

For reference, the legend is as follows:

  • Critical
  • High
  • Medium
  • Low

Top Vulnerability Types By Month and Year

This is a horizontal bar chart “race” of the top vulnerability types over the months of each year. Each bar represents a particular vulnerability type and is labeled with its respective CWE-ID. The CWE-ID is used since most of the vulnerability type names are too long to fit within each bar properly. A searchable table below the bar chart enables searching for a specific ID to learn its name and description. Note that you do not need to type in the “CWE-” prefix when searching, only enter the ID number itself. Click the “Replay” button to replay the race.
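The three charts above are all aggregations of the same per-CVE fields (published date, CVSS v3 base severity, CWE ids). The script below, added here as an illustration and not code from the notebooks, computes those aggregates over a handful of constructed records laid out like NVD API 2.0 entries (the CVE ids, dates and weaknesses are made up; the record shape is an assumption about the feed layout).

```python
from collections import Counter, defaultdict

def record(cve_id, published, severity, *weaknesses):
    """Constructed sample record in NVD API 2.0 shape; not a real CVE."""
    metrics = {}
    if severity:  # a record with no CVSS v3 score simply has no v3 metric block
        metrics["cvssMetricV31"] = [{"cvssData": {"baseSeverity": severity}}]
    return {"cve": {"id": cve_id, "published": published, "metrics": metrics,
                    "weaknesses": [{"description": [{"lang": "en", "value": w}]}
                                   for w in weaknesses]}}

SAMPLE_RECORDS = [  # constructed data for illustration only
    record("CVE-2021-0001", "2021-03-10T10:00:00.000", "CRITICAL", "CWE-79"),
    record("CVE-2021-0002", "2021-03-22T08:30:00.000", "HIGH", "CWE-79", "CWE-20"),
    record("CVE-2021-0003", "2021-11-02T15:00:00.000", None, "CWE-787"),
    record("CVE-2022-0004", "2022-01-15T09:00:00.000", "HIGH", "CWE-787"),
    record("CVE-2022-0005", "2022-01-30T11:00:00.000", "MEDIUM", "NVD-CWE-noinfo"),
    record("CVE-2022-0006", "2022-06-01T12:00:00.000", "LOW", "CWE-79"),
]

def year_of(rec):
    return rec["cve"]["published"][:4]

def month_of(rec):
    return rec["cve"]["published"][:7]  # "YYYY-MM"

def severity_of(rec):
    # Prefer CVSS v3.1, fall back to v3.0; records without a v3 score are "Unscored".
    metrics = rec["cve"].get("metrics", {})
    for key in ("cvssMetricV31", "cvssMetricV30"):
        entries = metrics.get(key)
        if entries:
            return entries[0]["cvssData"]["baseSeverity"].capitalize()
    return "Unscored"

def cwe_ids(rec):
    # A CVE may carry several CWEs; NVD-CWE-Other / NVD-CWE-noinfo placeholders are skipped.
    return [d["value"] for w in rec["cve"].get("weaknesses", [])
            for d in w["description"] if d["value"].startswith("CWE-")]

def counts_by_year(records):
    return Counter(year_of(r) for r in records)

def severity_by_month(records):
    out = defaultdict(Counter)
    for r in records:
        out[month_of(r)][severity_of(r)] += 1
    return {month: dict(c) for month, c in out.items()}

def top_cwes_by_month(records, n=3):
    out = defaultdict(Counter)
    for r in records:
        out[month_of(r)].update(cwe_ids(r))
    return {month: c.most_common(n) for month, c in out.items()}
```

Unscored CVEs are kept as their own bucket rather than dropped, so the monthly totals still match the yearly chart.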