Related papers: Security impact ratings considered harmful
Software updates are essential to enhance security, fix bugs, and add better features to the existing software. While some users accept software updates, non-compliance remains a widespread issue. While some users accept software updates,…
Experts agree that keeping systems up to date is a powerful security measure. Previous work found that users sometimes explicitly refrain from performing timely updates, e.g., due to bad experiences which has a negative impact on end-user…
Organizations struggle to handle sheer number of vulnerabilities in their cloud environments. The de facto methodology used for prioritizing vulnerabilities is to use Common Vulnerability Scoring System (CVSS). However, CVSS has inherent…
Software updates are critical to the performance, compatibility, and security of software systems. However, users do not always install updates, leaving their machines vulnerable to attackers' exploits. While recent studies have highlighted…
Owing to resource constraints, the existing prioritization and selection techniques for software security requirements (countermeasures) find a subset of higher-priority security requirements ignoring lower-priority requirements or…
Various researchers have shown that the Common Vulnerability Scoring System (CVSS) has many drawbacks and may not provide a precise view of the risks related to software vulnerabilities. However, many threat intelligence platforms and…
Nowadays, data has become an invaluable asset to entities and companies, and keeping it secure represents a major challenge. Data centers are responsible for storing data provided by software applications. Nevertheless, the number of…
Android devices are equipped with many pre-installed applications which have the capability of tracking and monitoring users. Although applications coming pre-installed pose a great danger to user security and privacy, they have received…
With the expansion of the Internet of Things (IoT), the number of security incidents due to insecure and misconfigured IoT devices is increasing. Especially on the consumer market, manufacturers focus on new features and early releases at…
Accurately assessing software vulnerabilities is essential for effective prioritization and remediation. While various scoring systems exist to support this task, their differing goals, methodologies and outputs often lead to inconsistent…
Most researchers acknowledge an intrinsic hierarchy in the scholarly journals ('journal rank') that they submit their work to, and adjust not only their submission but also their reading strategies accordingly. On the other hand, much has…
High-quality software products rely on both well-written source code and timely detection and thorough reporting of bugs. However, some programmers view bug reports as negative assessments of their work, leading them to withhold reporting…
As AI systems appear to exhibit ever-increasing capability and generality, assessing their true potential and safety becomes paramount. This paper contends that the prevalent evaluation methods for these systems are fundamentally…
The task of designing secure software systems is fraught with uncertainty, as data on uncommon attacks is limited, costs are difficult to estimate, and technology and tools are continually changing. Consequently, experts may interpret the…
Security holds an important role in a software. Most people are not aware of the significance of security in software system and tend to assume that they will be fine without security in their software systems. However, the lack of security…
AI safety practitioners invest considerable resources in AI system evaluations, but these investments may be wasted if evaluations fail to realize their impact. This paper questions the core value proposition of evaluations: that they…
Rankings are a fact of life. Whether or not one likes them, they exist and are influential. Within academia, and in computer science in particular, rankings not only capture our attention but also widely influence people who have a limited…
Bug reports are common artefacts in software development. They serve as the main channel for users to communicate to developers information about the issues that they encounter when using released versions of software programs. In the…
Interconnected autonomous systems often share security risks. However, an autonomous system lacks the incentive to make (sufficient) security investments if the cost exceeds its own benefit even though doing that would be socially…
A dilemma worth Shakespeare's Hamlet is increasingly haunting companies and security researchers: ``to update or not to update, this is the question``. From the perspective of recommended common practices by software vendors the answer is…