English
Related papers

Related papers: Security impact ratings considered harmful

200 papers

Properly benchmarking a system is a difficult and intricate task. Unfortunately, even a seemingly innocuous benchmarking mistake can compromise the guarantees provided by a given systems security defense and also put its reproducibility and…

Cryptography and Security · Computer Science 2018-01-09 Erik van der Kouwe , Dennis Andriesse , Herbert Bos , Cristiano Giuffrida , Gernot Heiser

Nowadays, rating systems play a crucial role in the attraction of customers for different services. However, as it is difficult to detect a fake rating, attackers can potentially impact the rating's aggregated score unfairly. This malicious…

Computer Science and Game Theory · Computer Science 2022-08-05 Iman Vakilinia , Peyman Faizian , Mohammad Mahdi Khalili

Often, security is considered in an advanced stage of the implementation of a system, rather than integrating it into the system design. This leads to less secure systems, as the security mechanisms are only applied as an afterthought and…

Cryptography and Security · Computer Science 2014-08-13 Michael Tänzer

Current frameworks for evaluating security bug severity, such as the Common Vulnerability Scoring System (CVSS), prioritize the ratio of exploitability to impact. This paper suggests that the above approach measures the "known knowns" but…

Cryptography and Security · Computer Science 2025-03-25 Shue Long Chan

This paper raises concerns about the advantages of using statistical significance tests in research assessments as has recently been suggested in the debate about proper normalization procedures for citation indicators. Statistical…

Digital Libraries · Computer Science 2012-09-26 Jesper W. Schneider

Information security isn't just about software and hardware -- it's at least as much about policies and processes. But the research community overwhelmingly focuses on the former over the latter, while gaping policy and process problems…

Cryptography and Security · Computer Science 2024-03-25 Arvind Narayanan , Kevin Lee

Poor software quality can adversely affect application security by increasing the potential for a malicious breach of a system. Because computer security and cybersecurity are becoming such relevant topics for practicing software engineers,…

Computers and Society · Computer Science 2015-12-10 Nicole Radziwill , Jessica Romano , Diane Shorter , Morgan Benton

In recent years, researchers have proposed \emph{cyber-insurance} as a suitable risk-management technique for enhancing security in Internet-like distributed systems. However, amongst other factors, information asymmetry between the insurer…

Cryptography and Security · Computer Science 2012-02-07 Ranjan Pal , Pan Hui

Security reputation metrics (aka. security metrics) quantify the security levels of organization (e.g., hosting or Internet access providers) relative to comparable entities. They enable benchmarking and are essential tools for decision and…

Cryptography and Security · Computer Science 2023-02-15 Maciej Korczyński , Arman Noroozian

System administrators, similar to end users, may delay or avoid software patches, also known as updates, despite the impact their timely application can have on system security. These admins are responsible for large, complex, amalgamated…

Human-Computer Interaction · Computer Science 2023-07-10 Adam Jenkins , Maria Wolters , Kami Vaniea

While the existence of many security elements can be measured (e.g., vulnerabilities, security controls, or privacy controls), it is challenging to measure their relative security impact. In the physical world we can often measure the…

Cryptography and Security · Computer Science 2022-08-23 Peter Mell

Hardware vulnerabilities are generally considered more difficult to fix than software ones because they are persistent after fabrication. Thus, it is crucial to assess the security and fix the vulnerabilities at earlier design phases, such…

The computing research community needs to work much harder to address the downsides of our innovations. Between the erosion of privacy, threats to democracy, and automation's effect on employment (among many other issues), we can no longer…

In spite of the growing importance of software security and the industry demand for more cyber security expertise in the workforce, the effect of security education and experience on the ability to assess complex software security problems…

Computers and Society · Computer Science 2018-08-21 Luca Allodi , Marco Cremonini , Fabio Massacci , Woohyun Shim

Online rating systems are subject to malicious behaviors mainly by posting unfair rating scores. Users may try to individually or collaboratively promote or demote a product. Collaborating unfair rating 'collusion' is more damaging than…

Cryptography and Security · Computer Science 2012-11-06 Mohammad Allahbakhsh , Aleksandar Ignjatovic , Boualem Benatallah , Seyed-Mehdi-Reza Beheshti , Norman Foo , Elisa Bertino

Many cybersecurity breaches occur due to users not following good cybersecurity practices, chief among them being regulations for applying software patches to operating systems, updating applications, and maintaining strong passwords. We…

Multiagent Systems · Computer Science 2020-03-26 Nirav Ajmeri , Shubham Goyal , Munindar P. Singh

Current practice for evaluating recommender systems typically focuses on point estimates of user-oriented effectiveness metrics or business metrics, sometimes combined with additional metrics for considerations such as diversity and…

Information Retrieval · Computer Science 2023-09-13 Michael D. Ekstrand , Ben Carterette , Fernando Diaz

Software updates reduce the opportunity for exploitation. However, since updates can also introduce breaking changes, enterprises face the problem of balancing the need to secure software with updates with the need to support operations. We…

Cryptography and Security · Computer Science 2022-05-26 Giorgio Di Tizio , Michele Armellini , Fabio Massacci

Datasets are often generated in a sequential manner, where the previous samples and intermediate decisions or interventions affect subsequent samples. This is especially prominent in cases where there are significant human-AI interactions,…

Information Retrieval · Computer Science 2022-05-30 Ali Shirali

Password advice is constantly circulated by standards agencies, companies, websites and specialists. But there appears to be great diversity in terms of the advice that is given. Users have noticed that different websites are enforcing…

Cryptography and Security · Computer Science 2018-09-10 Hazel Murray , David Malone