The relationship of software vulnerabilities and workarounds

This paper investigates the relationship between vulnerability types and their workarounds. Via a  workaround solution, users prevent or mitigate the risk of a vulnerability without the need of eliminating it. So far, little attention has been paid to this fruitful approach, whereas workaround solutions can perform so efficiently when dealing with vulnerabilities. In this research, a proper dataset from four mostly referred vulnerability databases (OSVDB, Security Tracker, Cert CC Vulnerability Notes and NVD) is compiled. In this dataset which we have called VuWaDB, the workarounds are organized in six main categories configuration, code modification, route alteration, elimination, access restriction and utility tools. The CWEs that the NVD was assigned to, are used to determine vulnerability types. In order to discover the   relationship between vulnerabilities and their related workaround solutions, after a statistical survey, a  relevant bipartite graph is constructed. The obtained results are analyzed and presented in related tables, which provide the relation between software vulnerabilities and their workarounds.