English
Related papers

Related papers: Automated Characterization of Software Vulnerabili…

200 papers

Software vulnerabilities have been continually disclosed and documented. An important practice in documenting vulnerabilities is to describe the key vulnerability aspects, such as vulnerability type, root cause, affected product, impact,…

Software Engineering · Computer Science 2020-08-07 Hao Guo , Zhenchang Xing , Xiaohong Li

The Common Vulnerabilities and Exposures (CVE) are pivotal information for proactive cybersecurity measures, including service patching, security hardening, and more. However, CVEs typically offer low-level, product-oriented descriptions of…

Cryptography and Security · Computer Science 2023-09-07 Ehsan Aghaei , Ehab Al-Shaer , Waseem Shadid , Xi Niu

Vulnerability Detection (VD) using machine learning faces a significant challenge: the vast diversity of vulnerability types. Each Common Weakness Enumeration (CWE) represents a unique category of vulnerabilities with distinct…

Cryptography and Security · Computer Science 2024-08-06 Syafiq Al Atiiq , Christian Gehrmann , Kevin Dahlén , Karim Khalil

In this paper, we analyze the Common Platform Enumeration (CPE) dictionary and the Common Vulnerabilities and Exposures (CVE) feeds. These repositories are widely used in Vulnerability Management Systems (VMSs) to check for known…

Cryptography and Security · Computer Science 2017-05-16 Luis Alberto Benthin Sanguino , Rafael Uetz

Weaknesses in computer systems such as faults, bugs and errors in the architecture, design or implementation of software provide vulnerabilities that can be exploited by attackers to compromise the security of a system. Common Weakness…

Machine Learning · Computer Science 2021-02-24 Siddhartha Shankar Das , Edoardo Serra , Mahantesh Halappanavar , Alex Pothen , Ehab Al-Shaer

Data-driven research on the automated discovery and repair of security vulnerabilities in source code requires comprehensive datasets of real-life vulnerable code and their fixes. To assist in such research, we propose a method to…

Software Engineering · Computer Science 2022-02-08 Guru Prasad Bhandari , Amara Naseer , Leon Moonen

Increasing numbers of software vulnerabilities are discovered every year whether they are reported publicly or discovered internally in proprietary code. These vulnerabilities can pose serious risk of exploit and result in system…

Vulnerabilities in software security can remain undiscovered even after being exploited. Linking attacks to vulnerabilities helps experts identify and respond promptly to the incident. This paper introduces VULDAT, a classification tool…

Cryptography and Security · Computer Science 2024-07-12 Refat Othman , Bruno Rossi , Barbara Russo

Software Engineering researchers are increasingly using Natural Language Processing (NLP) techniques to automate Software Vulnerabilities (SVs) assessment using the descriptions in public repositories. However, the existing NLP-based…

Software Engineering · Computer Science 2021-03-23 Triet H. M. Le , Bushra Sabir , M. Ali Babar

Common Vulnerability and Exposure (CVE) records are fundamental to cybersecurity, offering unique identifiers for publicly known software and system vulnerabilities. Each CVE is typically assigned a Common Vulnerability Scoring System…

Cryptography and Security · Computer Science 2025-04-16 Francesco Marchiori , Denis Donadel , Mauro Conti

In the domain of security, vulnerabilities frequently remain undetected even after their exploitation. In this work, vulnerabilities refer to publicly disclosed flaws documented in Common Vulnerabilities and Exposures (CVE) reports.…

Cryptography and Security · Computer Science 2025-09-05 Refat Othman , Diaeddin Rimawi , Bruno Rossi , Barbara Russo

The rapid increase in cybersecurity vulnerabilities necessitates automated tools for analyzing and classifying vulnerability reports. This paper presents a novel Vulnerability Report Classifier that leverages the BERT (Bidirectional Encoder…

Cryptography and Security · Computer Science 2025-03-28 Himanshu Tiwari

In cybersecurity, CVEs (Common Vulnerabilities and Exposures) are publicly disclosed hardware or software vulnerabilities. These vulnerabilities are documented and listed in the NVD database maintained by the NIST. Knowledge of the CVEs…

Cryptography and Security · Computer Science 2023-12-06 Manuel Poisson , Valérie Viet Triem Tong , Gilles Guette , Frédéric Guihéry , Damien Crémilleux

Common Vulnerabilities and Exposures database (CVE) is one of the largest publicly available source of software and hardware vulnerability data and reports. In this work we analyze the CVE database in the context of IoT device and system…

Cryptography and Security · Computer Science 2020-07-01 Grzegorz J. Blinowski , Paweł Piotrowski

Identifying the vulnerabilities exploited during cyberattacks is essential for enabling timely responses and effective mitigation in software security. This paper directly examines the process of predicting software vulnerabilities,…

Cryptography and Security · Computer Science 2026-02-24 Refat Othman , Diaeddin Rimawi , Bruno Rossi , Barbara Russo

Understanding the landscape of software vulnerabilities is key for developing effective security solutions. Fortunately, the evaluation of vulnerability databases that use a framework for communicating vulnerability attributes and their…

Cryptography and Security · Computer Science 2021-02-04 Assane Gueye , Peter Mell

The lack of reliable sources of detailed information on the vulnerabilities of open-source software (OSS) components is a major obstacle to maintaining a secure software supply chain and an effective vulnerability management process.…

Cryptography and Security · Computer Science 2025-03-18 Antonino Sabetta , Michele Bezzi

The proliferation of software vulnerabilities poses a significant challenge for security databases and analysts tasked with their timely identification, classification, and remediation. With the National Vulnerability Database (NVD)…

Cryptography and Security · Computer Science 2024-03-05 Daniel Alfasi , Tal Shapira , Anat Bremler Barr

Thousands of security vulnerabilities are discovered in production software each year, either reported publicly to the Common Vulnerabilities and Exposures database or discovered internally in proprietary code. Vulnerabilities often…

With the drastic increase in the number of new vulnerabilities in the National Vulnerability Database (NVD) every year, the workload for NVD analysts to associate the Common Platform Enumeration (CPE) with the Common Vulnerabilities and…

Cryptography and Security · Computer Science 2024-05-24 Wanyu Hu , Vrizlynn L. L. Thing
‹ Prev 1 2 3 10 Next ›