On Privacy Weaknesses and Vulnerabilities in Software Systems
2021 · Open Access · DOI: https://doi.org/10.48550/arxiv.2112.13997
In this digital era, our privacy is under constant threat as our personal data and traceable online/offline activities are frequently collected, processed and transferred by many software applications. Privacy attacks are often formed by exploiting vulnerabilities found in those software applications. The Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) systems are currently the main sources that software engineers rely on for understanding and preventing publicly disclosed software vulnerabilities. However, our study on all 922 weaknesses in the CWE and 156,537 vulnerabilities registered in the CVE to date has found a very small coverage of privacy-related vulnerabilities in both systems, only 4.45% in CWE and 0.1% in CVE. These also cover only a small number of areas of privacy threats that have been raised in existing privacy software engineering research, privacy regulations and frameworks, and relevant reputable organisations. The actionable insights generated from our study led to the introduction of 11 new common privacy weaknesses to supplement the CWE system, making it become a source for both security and privacy vulnerabilities.
Related Topics
- Type: preprint
- Language: en
- Landing Page: http://arxiv.org/abs/2112.13997, https://arxiv.org/pdf/2112.13997
- OA Status: green
- Related Works: 10
- OpenAlex ID: https://openalex.org/W4226464691
Raw OpenAlex JSON
- OpenAlex ID: https://openalex.org/W4226464691 (Canonical identifier for this work in OpenAlex)
- DOI: https://doi.org/10.48550/arxiv.2112.13997 (Digital Object Identifier)
- Title: On Privacy Weaknesses and Vulnerabilities in Software Systems (Work title)
- Type: preprint (OpenAlex work type)
- Language: en (Primary language)
- Publication year: 2021 (Year of publication)
- Publication date: 2021-12-28 (Full publication date if available)
- Authors: Pattaraporn Sangaroonsilp, Hoa Khanh Dam, Aditya Ghose (List of authors in order)
- Landing page: https://arxiv.org/abs/2112.13997 (Publisher landing page)
- PDF URL: https://arxiv.org/pdf/2112.13997 (Direct link to full text PDF)
- Open access: Yes (Whether a free full text is available)
- OA status: green (Open access status per OpenAlex)
- OA URL: https://arxiv.org/pdf/2112.13997 (Direct OA link when available)
- Concepts: Computer security, Internet privacy, Secure coding, Computer science, Software, Strengths and weaknesses, Privacy by Design, Software security assurance, Information privacy, Information security, Security service, Epistemology, Programming language, Philosophy (Top concepts (fields/topics) attached by OpenAlex)
- Cited by: 0 (Total citation count in OpenAlex)
- Related works (count): 10 (Other works algorithmically related by OpenAlex)
Full payload
| id | https://openalex.org/W4226464691 |
|---|---|
| doi | https://doi.org/10.48550/arxiv.2112.13997 |
| ids.doi | https://doi.org/10.48550/arxiv.2112.13997 |
| ids.openalex | https://openalex.org/W4226464691 |
| fwci | |
| type | preprint |
| title | On Privacy Weaknesses and Vulnerabilities in Software Systems |
| biblio.issue | |
| biblio.volume | |
| biblio.last_page | |
| biblio.first_page | |
| topics[0].id | https://openalex.org/T11045 |
| topics[0].field.id | https://openalex.org/fields/33 |
| topics[0].field.display_name | Social Sciences |
| topics[0].score | 0.9871000051498413 |
| topics[0].domain.id | https://openalex.org/domains/2 |
| topics[0].domain.display_name | Social Sciences |
| topics[0].subfield.id | https://openalex.org/subfields/3312 |
| topics[0].subfield.display_name | Sociology and Political Science |
| topics[0].display_name | Privacy, Security, and Data Protection |
| topics[1].id | https://openalex.org/T10927 |
| topics[1].field.id | https://openalex.org/fields/33 |
| topics[1].field.display_name | Social Sciences |
| topics[1].score | 0.9851999878883362 |
| topics[1].domain.id | https://openalex.org/domains/2 |
| topics[1].domain.display_name | Social Sciences |
| topics[1].subfield.id | https://openalex.org/subfields/3312 |
| topics[1].subfield.display_name | Sociology and Political Science |
| topics[1].display_name | Access Control and Trust |
| topics[2].id | https://openalex.org/T10764 |
| topics[2].field.id | https://openalex.org/fields/17 |
| topics[2].field.display_name | Computer Science |
| topics[2].score | 0.9805999994277954 |
| topics[2].domain.id | https://openalex.org/domains/3 |
| topics[2].domain.display_name | Physical Sciences |
| topics[2].subfield.id | https://openalex.org/subfields/1702 |
| topics[2].subfield.display_name | Artificial Intelligence |
| topics[2].display_name | Privacy-Preserving Technologies in Data |
| is_xpac | False |
| apc_list | |
| apc_paid | |
| concepts[0].id | https://openalex.org/C38652104 |
| concepts[0].level | 1 |
| concepts[0].score | 0.6936048865318298 |
| concepts[0].wikidata | https://www.wikidata.org/wiki/Q3510521 |
| concepts[0].display_name | Computer security |
| concepts[1].id | https://openalex.org/C108827166 |
| concepts[1].level | 1 |
| concepts[1].score | 0.580207109451294 |
| concepts[1].wikidata | https://www.wikidata.org/wiki/Q175975 |
| concepts[1].display_name | Internet privacy |
| concepts[2].id | https://openalex.org/C22680326 |
| concepts[2].level | 5 |
| concepts[2].score | 0.541632354259491 |
| concepts[2].wikidata | https://www.wikidata.org/wiki/Q7444867 |
| concepts[2].display_name | Secure coding |
| concepts[3].id | https://openalex.org/C41008148 |
| concepts[3].level | 0 |
| concepts[3].score | 0.5191999673843384 |
| concepts[3].wikidata | https://www.wikidata.org/wiki/Q21198 |
| concepts[3].display_name | Computer science |
| concepts[4].id | https://openalex.org/C2777904410 |
| concepts[4].level | 2 |
| concepts[4].score | 0.5101588368415833 |
| concepts[4].wikidata | https://www.wikidata.org/wiki/Q7397 |
| concepts[4].display_name | Software |
| concepts[5].id | https://openalex.org/C63882131 |
| concepts[5].level | 2 |
| concepts[5].score | 0.4461822211742401 |
| concepts[5].wikidata | https://www.wikidata.org/wiki/Q17122954 |
| concepts[5].display_name | Strengths and weaknesses |
| concepts[6].id | https://openalex.org/C193934123 |
| concepts[6].level | 3 |
| concepts[6].score | 0.4233669936656952 |
| concepts[6].wikidata | https://www.wikidata.org/wiki/Q7246028 |
| concepts[6].display_name | Privacy by Design |
| concepts[7].id | https://openalex.org/C62913178 |
| concepts[7].level | 4 |
| concepts[7].score | 0.4196149706840515 |
| concepts[7].wikidata | https://www.wikidata.org/wiki/Q7554361 |
| concepts[7].display_name | Software security assurance |
| concepts[8].id | https://openalex.org/C123201435 |
| concepts[8].level | 2 |
| concepts[8].score | 0.4129728078842163 |
| concepts[8].wikidata | https://www.wikidata.org/wiki/Q456632 |
| concepts[8].display_name | Information privacy |
| concepts[9].id | https://openalex.org/C527648132 |
| concepts[9].level | 2 |
| concepts[9].score | 0.2250315248966217 |
| concepts[9].wikidata | https://www.wikidata.org/wiki/Q189900 |
| concepts[9].display_name | Information security |
| concepts[10].id | https://openalex.org/C29983905 |
| concepts[10].level | 3 |
| concepts[10].score | 0.136359304189682 |
| concepts[10].wikidata | https://www.wikidata.org/wiki/Q7445066 |
| concepts[10].display_name | Security service |
| concepts[11].id | https://openalex.org/C111472728 |
| concepts[11].level | 1 |
| concepts[11].score | 0.0 |
| concepts[11].wikidata | https://www.wikidata.org/wiki/Q9471 |
| concepts[11].display_name | Epistemology |
| concepts[12].id | https://openalex.org/C199360897 |
| concepts[12].level | 1 |
| concepts[12].score | 0.0 |
| concepts[12].wikidata | https://www.wikidata.org/wiki/Q9143 |
| concepts[12].display_name | Programming language |
| concepts[13].id | https://openalex.org/C138885662 |
| concepts[13].level | 0 |
| concepts[13].score | 0.0 |
| concepts[13].wikidata | https://www.wikidata.org/wiki/Q5891 |
| concepts[13].display_name | Philosophy |
| keywords[0].id | https://openalex.org/keywords/computer-security |
| keywords[0].score | 0.6936048865318298 |
| keywords[0].display_name | Computer security |
| keywords[1].id | https://openalex.org/keywords/internet-privacy |
| keywords[1].score | 0.580207109451294 |
| keywords[1].display_name | Internet privacy |
| keywords[2].id | https://openalex.org/keywords/secure-coding |
| keywords[2].score | 0.541632354259491 |
| keywords[2].display_name | Secure coding |
| keywords[3].id | https://openalex.org/keywords/computer-science |
| keywords[3].score | 0.5191999673843384 |
| keywords[3].display_name | Computer science |
| keywords[4].id | https://openalex.org/keywords/software |
| keywords[4].score | 0.5101588368415833 |
| keywords[4].display_name | Software |
| keywords[5].id | https://openalex.org/keywords/strengths-and-weaknesses |
| keywords[5].score | 0.4461822211742401 |
| keywords[5].display_name | Strengths and weaknesses |
| keywords[6].id | https://openalex.org/keywords/privacy-by-design |
| keywords[6].score | 0.4233669936656952 |
| keywords[6].display_name | Privacy by Design |
| keywords[7].id | https://openalex.org/keywords/software-security-assurance |
| keywords[7].score | 0.4196149706840515 |
| keywords[7].display_name | Software security assurance |
| keywords[8].id | https://openalex.org/keywords/information-privacy |
| keywords[8].score | 0.4129728078842163 |
| keywords[8].display_name | Information privacy |
| keywords[9].id | https://openalex.org/keywords/information-security |
| keywords[9].score | 0.2250315248966217 |
| keywords[9].display_name | Information security |
| keywords[10].id | https://openalex.org/keywords/security-service |
| keywords[10].score | 0.136359304189682 |
| keywords[10].display_name | Security service |
| language | en |
| locations[0].id | pmh:oai:arXiv.org:2112.13997 |
| locations[0].is_oa | True |
| locations[0].source.id | https://openalex.org/S4306400194 |
| locations[0].source.issn | |
| locations[0].source.type | repository |
| locations[0].source.is_oa | True |
| locations[0].source.issn_l | |
| locations[0].source.is_core | False |
| locations[0].source.is_in_doaj | False |
| locations[0].source.display_name | arXiv (Cornell University) |
| locations[0].source.host_organization | https://openalex.org/I205783295 |
| locations[0].source.host_organization_name | Cornell University |
| locations[0].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[0].license | |
| locations[0].pdf_url | https://arxiv.org/pdf/2112.13997 |
| locations[0].version | submittedVersion |
| locations[0].raw_type | text |
| locations[0].license_id | |
| locations[0].is_accepted | False |
| locations[0].is_published | False |
| locations[0].raw_source_name | |
| locations[0].landing_page_url | http://arxiv.org/abs/2112.13997 |
| locations[1].id | doi:10.48550/arxiv.2112.13997 |
| locations[1].is_oa | True |
| locations[1].source.id | https://openalex.org/S4306400194 |
| locations[1].source.issn | |
| locations[1].source.type | repository |
| locations[1].source.is_oa | True |
| locations[1].source.issn_l | |
| locations[1].source.is_core | False |
| locations[1].source.is_in_doaj | False |
| locations[1].source.display_name | arXiv (Cornell University) |
| locations[1].source.host_organization | https://openalex.org/I205783295 |
| locations[1].source.host_organization_name | Cornell University |
| locations[1].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[1].license | cc-by |
| locations[1].pdf_url | |
| locations[1].version | |
| locations[1].raw_type | article |
| locations[1].license_id | https://openalex.org/licenses/cc-by |
| locations[1].is_accepted | False |
| locations[1].is_published | |
| locations[1].raw_source_name | |
| locations[1].landing_page_url | https://doi.org/10.48550/arxiv.2112.13997 |
| indexed_in | arxiv, datacite |
| authorships[0].author.id | https://openalex.org/A5045263333 |
| authorships[0].author.orcid | https://orcid.org/0000-0002-3811-9176 |
| authorships[0].author.display_name | Pattaraporn Sangaroonsilp |
| authorships[0].author_position | first |
| authorships[0].raw_author_name | Sangaroonsilp, Pattaraporn |
| authorships[0].is_corresponding | False |
| authorships[1].author.id | https://openalex.org/A5017181940 |
| authorships[1].author.orcid | https://orcid.org/0000-0003-4246-0526 |
| authorships[1].author.display_name | Hoa Khanh Dam |
| authorships[1].author_position | middle |
| authorships[1].raw_author_name | Dam, Hoa Khanh |
| authorships[1].is_corresponding | False |
| authorships[2].author.id | https://openalex.org/A5034792852 |
| authorships[2].author.orcid | https://orcid.org/0000-0002-6175-8726 |
| authorships[2].author.display_name | Aditya Ghose |
| authorships[2].author_position | last |
| authorships[2].raw_author_name | Ghose, Aditya |
| authorships[2].is_corresponding | False |
| has_content.pdf | False |
| has_content.grobid_xml | False |
| is_paratext | False |
| open_access.is_oa | True |
| open_access.oa_url | https://arxiv.org/pdf/2112.13997 |
| open_access.oa_status | green |
| open_access.any_repository_has_fulltext | False |
| created_date | 2025-10-10T00:00:00 |
| display_name | On Privacy Weaknesses and Vulnerabilities in Software Systems |
| has_fulltext | False |
| is_retracted | False |
| updated_date | 2025-11-06T06:51:31.235846 |
| primary_topic.id | https://openalex.org/T11045 |
| primary_topic.field.id | https://openalex.org/fields/33 |
| primary_topic.field.display_name | Social Sciences |
| primary_topic.score | 0.9871000051498413 |
| primary_topic.domain.id | https://openalex.org/domains/2 |
| primary_topic.domain.display_name | Social Sciences |
| primary_topic.subfield.id | https://openalex.org/subfields/3312 |
| primary_topic.subfield.display_name | Sociology and Political Science |
| primary_topic.display_name | Privacy, Security, and Data Protection |
| related_works | https://openalex.org/W2141388993, https://openalex.org/W1978034799, https://openalex.org/W2999607548, https://openalex.org/W2956597637, https://openalex.org/W2044639210, https://openalex.org/W2293245356, https://openalex.org/W4225160120, https://openalex.org/W23486959, https://openalex.org/W1588942021, https://openalex.org/W1981466760 |
| cited_by_count | 0 |
| locations_count | 2 |
| best_oa_location.id | pmh:oai:arXiv.org:2112.13997 |
| best_oa_location.is_oa | True |
| best_oa_location.source.id | https://openalex.org/S4306400194 |
| best_oa_location.source.issn | |
| best_oa_location.source.type | repository |
| best_oa_location.source.is_oa | True |
| best_oa_location.source.issn_l | |
| best_oa_location.source.is_core | False |
| best_oa_location.source.is_in_doaj | False |
| best_oa_location.source.display_name | arXiv (Cornell University) |
| best_oa_location.source.host_organization | https://openalex.org/I205783295 |
| best_oa_location.source.host_organization_name | Cornell University |
| best_oa_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| best_oa_location.license | |
| best_oa_location.pdf_url | https://arxiv.org/pdf/2112.13997 |
| best_oa_location.version | submittedVersion |
| best_oa_location.raw_type | text |
| best_oa_location.license_id | |
| best_oa_location.is_accepted | False |
| best_oa_location.is_published | False |
| best_oa_location.raw_source_name | |
| best_oa_location.landing_page_url | http://arxiv.org/abs/2112.13997 |
| primary_location.id | pmh:oai:arXiv.org:2112.13997 |
| primary_location.is_oa | True |
| primary_location.source.id | https://openalex.org/S4306400194 |
| primary_location.source.issn | |
| primary_location.source.type | repository |
| primary_location.source.is_oa | True |
| primary_location.source.issn_l | |
| primary_location.source.is_core | False |
| primary_location.source.is_in_doaj | False |
| primary_location.source.display_name | arXiv (Cornell University) |
| primary_location.source.host_organization | https://openalex.org/I205783295 |
| primary_location.source.host_organization_name | Cornell University |
| primary_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| primary_location.license | |
| primary_location.pdf_url | https://arxiv.org/pdf/2112.13997 |
| primary_location.version | submittedVersion |
| primary_location.raw_type | text |
| primary_location.license_id | |
| primary_location.is_accepted | False |
| primary_location.is_published | False |
| primary_location.raw_source_name | |
| primary_location.landing_page_url | http://arxiv.org/abs/2112.13997 |
| publication_date | 2021-12-28 |
| publication_year | 2021 |
| referenced_works_count | 0 |
| cited_by_percentile_year | |
| countries_distinct_count | 0 |
| institutions_distinct_count | 3 |
| sustainable_development_goals[0].id | https://metadata.un.org/sdg/16 |
| sustainable_development_goals[0].score | 0.6800000071525574 |
| sustainable_development_goals[0].display_name | Peace, Justice and strong institutions |
| citation_normalized_percentile |