English
Related papers

Related papers: Generating Informative CVE Description From Exploi…

200 papers

Background: Construct validity concerns the use of indicators to measure a concept that is not directly measurable. Aim: This study intends to identify, categorize, assess and quantify discussions of threats to construct validity in…

Software Engineering · Computer Science 2023-06-09 Dag I. K. Sjøberg , Gunnar R. Bergersen

Common Vulnerabilities and Exposures database (CVE) is one of the largest publicly available source of software and hardware vulnerability data and reports. In this work we analyze the CVE database in the context of IoT device and system…

Cryptography and Security · Computer Science 2020-07-01 Grzegorz J. Blinowski , Paweł Piotrowski

Augmenting missing key aspects in Textual Vulnerability Descriptions (TVDs) is crucial for effective vulnerability analysis. For instance, in TVDs, key aspects include Attack Vector, Vulnerability Type, among others. These key aspects help…

Software Engineering · Computer Science 2024-12-17 Linyi Han , Shidong Pan , Zhenchang Xing , Jiamou Sun , Sofonias Yitagesu , Xiaowang Zhang , Zhiyong Feng

Modern infrastructures rely on software systems that remain vulnerable to cyberattacks. These attacks frequently exploit vulnerabilities documented in repositories such as MITRE's Common Vulnerabilities and Exposures (CVE). However, Cyber…

Cryptography and Security · Computer Science 2026-02-27 Refat Othman

Nowadays, threat reports from cybersecurity vendors incorporate detailed descriptions of attacks within unstructured text. Knowing vulnerabilities that are related to these reports helps cybersecurity researchers and practitioners…

Cryptography and Security · Computer Science 2024-07-12 Refat Othman , Bruno Rossi , Russo Barbara

Common Vulnerability and Exposure (CVE) records are fundamental to cybersecurity, offering unique identifiers for publicly known software and system vulnerabilities. Each CVE is typically assigned a Common Vulnerability Scoring System…

Cryptography and Security · Computer Science 2025-04-16 Francesco Marchiori , Denis Donadel , Mauro Conti

The Common Vulnerabilities and Exposures (CVEs) system is a reference method for documenting publicly known information security weaknesses and exposures. This paper presents a study of the lifetime of CVEs in software projects and the risk…

Cryptography and Security · Computer Science 2025-04-08 Piotr Przymus , Mikołaj Fejzer , Jakub Narębski , Krzysztof Stencel

The exponential growth of Common Vulnerabilities and Exposures (CVE) disclosures poses significant challenges for enterprise security management, necessitating automated and quantitative risk assessment methodologies. Existing vulnerability…

Cryptography and Security · Computer Science 2026-04-09 Wanru Shao

The software build process transforms source code into deployable artifacts, representing a critical yet vulnerable stage in software development. Build infrastructure security poses unique challenges: the complexity of multi-component…

Understanding cyber security is increasingly important for individuals and organizations. However, a lot of information related to cyber security can be difficult to understand to those not familiar with the topic. In this study, we focus…

Computation and Language · Computer Science 2026-02-13 Varpu Vehomäki , Kimmo K. Kaski

This short empirical paper investigates how well topic modeling and database meta-data characteristics can classify web and other proof-of-concept (PoC) exploits for publicly disclosed software vulnerabilities. By using a dataset comprised…

Cryptography and Security · Computer Science 2017-10-17 Jukka Ruohonen

This empirical paper examines the time delays that occur between the publication of Common Vulnerabilities and Exposures (CVEs) in the National Vulnerability Database (NVD) and the Common Vulnerability Scoring System (CVSS) information…

Cryptography and Security · Computer Science 2018-01-12 Jukka Ruohonen

The Proof-of-Concept (PoC) for a vulnerability is crucial in validating its existence, mitigating false positives, and illustrating the severity of the security threat it poses. However, research on PoCs significantly lags behind studies…

Software Engineering · Computer Science 2025-10-22 Wenjing Dang , Kaixuan Li , Sen Chen , Zhenwei Zhuo , Lyuye Zhang , Zheli Liu

Context: Security Vulnerabilities (SVs) pose many serious threats to software systems. Developers usually seek solutions to addressing these SVs on developer Question and Answer (Q&A) websites. However, there is still little known about…

Software Engineering · Computer Science 2021-09-10 Triet H. M. Le , Roland Croft , David Hin , M. Ali Babar

Extractive summarization is a task of highlighting the most important parts of the text. We introduce a new approach to extractive summarization task using hidden clustering structure of the text. Experimental results on CNN/DailyMail…

Computation and Language · Computer Science 2024-06-13 Tikhonov Pavel , Anastasiya Ianina , Valentin Malykh

The Common Vulnerabilities and Exposures (CVE) represent standard means for sharing publicly known information security vulnerabilities. One or more CVEs are grouped into the Common Weakness Enumeration (CWE) classes for the purpose of…

Cryptography and Security · Computer Science 2022-04-04 Ehsan Aghaei , Waseem Shadid , Ehab Al-Shaer

The National Vulnerability Disclosure Database is an invaluable source of information for security professionals and researchers. However, in some cases, a vulnerability report is initially published with incomplete information, a situation…

Cryptography and Security · Computer Science 2023-03-15 Kobra Khanmohammadi , Raphael Khoury

High-quality datasets of real-world vulnerabilities and their corresponding verifiable exploits are crucial resources in software security research. Yet such resources remain scarce, as their creation demands intensive manual effort and…

The National Vulnerability Database (NVD) is a major vulnerability database that is free to use for everyone. It provides information about vulnerabilities and further useful resources such as linked advisories and patches. The NVD is often…

Cryptography and Security · Computer Science 2024-09-20 Julia Wunder , Alan Corona , Andreas Hammer , Zinaida Benenson

The problems of unfaithful summaries have been widely discussed under the context of abstractive summarization. Though extractive summarization is less prone to the common unfaithfulness issues of abstractive summaries, does that mean…

Computation and Language · Computer Science 2023-05-31 Shiyue Zhang , David Wan , Mohit Bansal