English
Related papers

Related papers: My Software has a Vulnerability, should I worry?

200 papers

Various researchers have shown that the Common Vulnerability Scoring System (CVSS) has many drawbacks and may not provide a precise view of the risks related to software vulnerabilities. However, many threat intelligence platforms and…

Cryptography and Security · Computer Science 2018-07-30 Milda Petraityte , Ali Dehghantanha , Gregory Epiphaniou

Accurately assessing software vulnerabilities is essential for effective prioritization and remediation. While various scoring systems exist to support this task, their differing goals, methodologies and outputs often lead to inconsistent…

Cryptography and Security · Computer Science 2025-08-20 Viktoria Koscinski , Mark Nelson , Ahmet Okutan , Robert Falso , Mehdi Mirakhorli

Understanding the landscape of software vulnerabilities is key for developing effective security solutions. Fortunately, the evaluation of vulnerability databases that use a framework for communicating vulnerability attributes and their…

Cryptography and Security · Computer Science 2021-02-04 Assane Gueye , Peter Mell

The Common Vulnerability Scoring System (CVSS) is a popular method for evaluating the severity of vulnerabilities in vulnerability management. In the evaluation process, a numeric score between 0 and 10 is calculated, 10 being the most…

Cryptography and Security · Computer Science 2024-05-09 Julia Wunder , Andreas Kurtz , Christian Eichenmüller , Freya Gassmann , Zinaida Benenson

Mainstream software applications and tools are the configurable platforms with an enormous number of parameters along with their values. Certain settings and possible interactions between these parameters may harden (or soften) the security…

Software Engineering · Computer Science 2020-06-17 Shuvalaxmi Dass , Akbar Siami Namin

As the number of Common Vulnerabilities and Exposures (CVE) continues to grow exponentially, security teams face increasingly difficult decisions about prioritization. Current approaches using Common Vulnerability Scoring System (CVSS)…

Cryptography and Security · Computer Science 2026-03-05 Naoyuki Shimizu , Masaki Hashimoto

Background: Timely prioritising and remediating vulnerabilities are paramount in the dynamic cybersecurity field, and one of the most widely used vulnerability scoring systems (CVSS) does not address the increasing likelihood of emerging an…

Cryptography and Security · Computer Science 2024-05-15 Miguel Santana , Vinicius V. Cogo , Alan Oliveira de Sá

The Exploit Prediction Scoring System (EPSS) is designed to assess the probability of a vulnerability being exploited in the next 30 days relative to other vulnerabilities. The latest version, based on a research paper published in arXiv,…

Cryptography and Security · Computer Science 2024-11-06 Rianna Parla

Despite the massive investments in information security technologies and research over the past decades, the information security industry is still immature. In particular, the prioritization of remediation efforts within vulnerability…

Cryptography and Security · Computer Science 2019-08-15 Jay Jacobs , Sasha Romanosky , Benjamin Edwards , Michael Roytman , Idris Adjerid

Attacks can exploit zero-day or one-day vulnerabilities that are not publicly disclosed. To detect these vulnerabilities, security researchers monitor development activities in open-source repositories to identify unreported security…

Vulnerability databases are vital sources of information on emergent software security concerns. Security professionals, from system administrators to developers to researchers, heavily depend on these databases to track vulnerabilities and…

Cryptography and Security · Computer Science 2020-06-29 Afsah Anwar , Ahmed Abusnaina , Songqing Chen , Frank Li , David Mohaisen

The assessment of new vulnerabilities is an activity that accounts for information from several data sources and produces a `severity' score for the vulnerability. The Common Vulnerability Scoring System (\CVSS) is the reference standard…

Cryptography and Security · Computer Science 2018-03-22 Luca Allodi , Sebastian Banescu , Henning Femmer , Kristian Beckers

Background: Software Vulnerability (SV) assessment is increasingly adopted to address the ever-increasing volume and complexity of SVs. Data-driven approaches have been widely used to automate SV assessment tasks, particularly the…

Software Engineering · Computer Science 2024-07-16 Triet H. M. Le , M. Ali Babar

Manual vulnerability scoring, such as assigning Common Vulnerability Scoring System (CVSS) scores, is a resource-intensive process that is often influenced by subjective interpretation. This study investigates the potential of…

Cryptography and Security · Computer Science 2026-01-06 Sima Jafarikhah , Daniel Thompson , Eva Deans , Hossein Siadati , Yi Liu

The National Vulnerability Database (NVD) is a major vulnerability database that is free to use for everyone. It provides information about vulnerabilities and further useful resources such as linked advisories and patches. The NVD is often…

Cryptography and Security · Computer Science 2024-09-20 Julia Wunder , Alan Corona , Andreas Hammer , Zinaida Benenson

Current frameworks for evaluating security bug severity, such as the Common Vulnerability Scoring System (CVSS), prioritize the ratio of exploitability to impact. This paper suggests that the above approach measures the "known knowns" but…

Cryptography and Security · Computer Science 2025-03-25 Shue Long Chan

We present a novel idea on adequacy testing called ``{vulnerability coverage}.'' The introduced coverage measure examines the underlying software for the presence of certain classes of vulnerabilities often found in the National…

Cryptography and Security · Computer Science 2020-06-17 Shuvalaxmi Dass , Akbar Siami Namin

During software development, balancing security and non security issues is challenging. We focus on security awareness and approaches taken by non-security experts using software development issue trackers when considering security. We…

Software Engineering · Computer Science 2023-08-28 Léon McGregor , Manuel Maarek , Hans-Wolfgang Loidl

The number of newly published vulnerabilities is constantly increasing. Until now, the information available when a new vulnerability is published is manually assessed by experts using a Common Vulnerability Scoring System (CVSS) vector and…

Cryptography and Security · Computer Science 2022-10-06 Philipp Kuehn , David N. Relke , Christian Reuter

Software Vulnerabilities (SVs) are increasing in complexity and scale, posing great security risks to many software systems. Given the limited resources in practice, SV assessment and prioritization help practitioners devise optimal SV…

Software Engineering · Computer Science 2023-01-09 Triet H. M. Le , Huaming Chen , M. Ali Babar
‹ Prev 1 2 3 10 Next ›