From Bachelor’s Thesis to Las Vegas
Security vulnerabilities are growing faster than the code
The number of newly discovered security vulnerabilities in software is rising rapidly. At an international conference in Las Vegas, a young German researcher presented her findings on what is behind this trend. In an interview, Joline Wochnik explains why software is becoming increasingly complex – but not necessarily more secure – how she presented her research at the World Congress in Computer Science, and why this topic concerns us all.
Joline Wochnik is a master's student in data science and a research officer at the Agentur für Innovation in der Cybersicherheit GmbH (Cyberagentur). The 24-year-old presented her research paper on the exponential growth of security vulnerabilities – a paper she co-authored with Olivia Gräupner, Prof. Dr. Christian Hummert and Prof. Dr. Michael Spranger – at the 2024 World Congress in Computer Science, Computer Engineering, & Applied Computing (CSCE'24) in Las Vegas. The international conference, which received submissions from 57 countries, provided a high-profile forum for her findings. The paper was based on Wochnik's bachelor's thesis and was published this year by Springer Nature. In it, Joline Wochnik investigated how rapidly the number of security vulnerabilities in software is increasing and what factors could be influencing this development. Her studies deepened her awareness that security vulnerabilities are a central issue in IT security – and with her research, she is now laying the foundation for a better understanding of the phenomenon.
Question: How did your bachelor's thesis lead you to a world congress in Las Vegas?
Wochnik: The idea for the topic of security vulnerabilities in software was actually suggested to me by the Scientific Director of Cyberagentur, Prof. Dr. Christian Hummert. I had initially considered several topics for my bachelor's thesis, but this one really convinced me. Security vulnerabilities play an enormously important role in cyber security today, as we can notice almost every day. So I found it exciting to investigate how rapidly their number is actually increasing and what factors influence this growth. The core findings of the bachelor's thesis then became a scientific paper that we submitted to the CSCE'24 conference. To my great delight, it was accepted, and I was able to present it in Las Vegas. It was an exciting opportunity, of course: a huge conference with contributions from all over the world. It was very impressive for me to stand on such a stage and present our findings to an international audience.
Question: What exactly is your research about? Can you explain the topic in layman's terms?
Wochnik: Sure. Put simply, we investigated how quickly the number of security vulnerabilities in software has grown over the years. Our hypothesis was that their number follows an exponential trend – in other words, it grows faster and faster, multiplying by the same factor at regular intervals rather than increasing evenly. At the same time, we wanted to find out whether this increase could perhaps be explained simply by the fact that software is becoming more and more comprehensive. Code also grows over time, for example through updates, new functions and programmes. We therefore looked at the development of code bases – i.e. how many lines of code there are per piece of software – and compared this with the development of reported security vulnerabilities. The result was quite revealing: the number of security vulnerabilities discovered is indeed increasing exponentially, while the length of code seems to only be growing linearly. Put simply, software is getting bigger all the time, but the number of security vulnerabilities is increasing even faster. The increase in code size alone cannot explain this rapid rise in vulnerabilities. This suggests that other and potentially more factors are at play – for example, changes in software quality or maybe simply the fact that more people are looking for security vulnerabilities worldwide. In any case, this poses a real challenge for cyber security, as an exponential increase in security vulnerabilities presents us with an ever-growing risk.
Question: Why was it important for you to conduct this study now?
Wochnik: We are currently seeing the digital infrastructure grow steadily in all areas of life – from smart homes to Industry 4.0. The more software we use, the more important it becomes to understand how security vulnerabilities develop and to identify the possible reasons for this. Our study lays the foundation for systematically recording the increase in security vulnerabilities in code. This creates a basis for further research. Especially now, when cyber attacks and new security vulnerabilities are regularly in the headlines, it is crucial to examine such trends scientifically. If we understand the conditions under which security vulnerabilities are increasing so rapidly and why, we can ultimately develop better strategies to counteract them.
Question: How were your findings received at the conference in Las Vegas?
Wochnik: Very positively. My presentation at CSCE'24 seemed to have sparked the interest of the audience – there were many in-depth questions from the audience and some experts also approached me personally afterwards to talk about the topic. I was naturally delighted to receive this feedback. It shows that our topic is resonating worldwide. It was my first time on such a large international stage, especially in Las Vegas – it was something really special. In addition to the presentations, there were also many opportunities for networking, which allowed me to meet researchers from all over the world. Overall, the conference was an incredibly enriching experience, both professionally and personally.
Question: Your paper is being published by Springer Nature, in a volume alongside many established researchers. How important is such a publication for you as a young scientist?
Wochnik: A publication is very valuable for young scientists – especially if you want to stay in academia. Publications allow you to make yourself known in the research community and show that you have something to contribute. In our case, we are of course particularly pleased to be publishing with a renowned publisher. This puts a little exclamation mark behind our work. But in general, every publication helps to anchor yourself in the research landscape and lay the foundations for further work. I would be delighted if our article inspires other groups to continue researching this topic.
Question: Tell us a little about yourself – how did you get into IT security research?
Wochnik: My path to cyber security research began at Mittweida University of Applied Sciences in Saxony. That's where I completed my bachelor's degree in general and digital forensics. During my studies, I had the opportunity to work with the Cyberagentur through an internship, which is how I came across the topic of the rise in cyber security gaps, which then became the topic of my bachelor's thesis. The bachelor's thesis – and also thanks to some exciting modules during my studies – really made me want to delve deeper into data analysis. That's why I'm now studying for a master's degree in data science alongside my job – continuing to work on research topics at the Cyberagentur. I find the combination of practical experience and study very enriching and enjoyable. At the end of my master's degree, I would like to look back on my previous research and see what I might do differently with the knowledge I have today.
Question: What is the next step for your research topic? Will you continue to investigate the development of security vulnerabilities?
Wochnik: As I said, I see our work as a basis for further studies in this area. The data we have collected certainly offers many starting points. I could also imagine delving deeper into the topic later in a PhD – but time will tell. The important thing for now is to raise awareness: as a society, we should take software security vulnerabilities and their dynamics seriously. If we understand the influencing factors better, we can achieve a lot for everyone's digital security. The long-term view – for example, whether the exponential trend will continue – is crucial. For me personally, it's clear that I want to stay in cybersecurity research. The world is becoming increasingly digital, and I want to do my part to make it more secure.
Further information:
https://link.springer.com/conference/csce-1
Contact:
Agentur für Innovation in der Cybersicherheit GmbH
Große Steinstraße 19
06108 Halle (Saale)
Michael Lindner
Press Officer
Tel.: +49 151 44150 645
Email: presse@cyberagentur.de
Background: Cyberagentur
The Agency for Innovation in Cybersecurity GmbH (Cyberagentur) was founded in 2020 as a wholly-owned in-house company of the German Federal Government under the joint leadership of the German Federal Ministry of Defence and the German Federal Ministry of the Interior and Community with the aim of taking an application-strategy-based and cross-departmental view of internal and external security in the field of cybersecurity. Against this backdrop, the work of the Cyberagentur is primarily aimed at the institutionalised implementation of highly innovative projects that are associated with a high risk of not achieving their objectives, but at the same time have a very high disruptive potential if successful.
The Cyberagentur is part of the National Security Strategy of the Federal Republic of Germany.