English
Related papers

Related papers: Generating Informative CVE Description From Exploi…

200 papers

The knowledge on attacks contained in Cyber Threat Intelligence (CTI) reports is very important to effectively identify and quickly respond to cyber threats. However, this knowledge is often embedded in large amounts of text, and therefore…

Cryptography and Security · Computer Science 2021-04-20 Kiavash Satvat , Rigel Gjomemo , V. N. Venkatakrishnan

Knowledge graphs have shown promise for several cybersecurity tasks, such as vulnerability assessment and threat analysis. In this work, we present a new method for constructing a vulnerability knowledge graph from information in the…

Cryptography and Security · Computer Science 2023-05-16 Anders Mølmen Høst , Pierre Lison , Leon Moonen

We analyze answers generated by generative engines (GEs) from the perspectives of citation publishers and the content-injection barrier, defined as the difficulty for attackers to manipulate answers to user prompts by placing malicious…

Cryptography and Security · Computer Science 2026-03-03 Riku Mochizuki , Shusuke Komatsu , Souta Noguchi , Kazuto Ataka

The number of newly published vulnerabilities is constantly increasing. Until now, the information available when a new vulnerability is published is manually assessed by experts using a Common Vulnerability Scoring System (CVSS) vector and…

Cryptography and Security · Computer Science 2022-10-06 Philipp Kuehn , David N. Relke , Christian Reuter

Each year, thousands of software vulnerabilities are discovered and reported to the public. Unpatched known vulnerabilities are a significant security risk. It is imperative that software vendors quickly provide patches once vulnerabilities…

Cryptography and Security · Computer Science 2017-07-26 Benjamin L. Bullough , Anna K. Yanchenko , Christopher L. Smith , Joseph R. Zipkin

Release notes are admitted as an essential document by practitioners. They contain the summary of the source code changes for the software releases, such as issue fixes, added new features, and performance improvements. Manually producing…

Software Engineering · Computer Science 2022-04-13 Sristy Sumana Nath , Banani Roy

Assessing the exploitability of software vulnerabilities at the time of disclosure is difficult and error-prone, as features extracted via technical analysis by existing metrics are poor predictors for exploit development. Moreover,…

Cryptography and Security · Computer Science 2022-02-04 Octavian Suciu , Connor Nelson , Zhuoer Lyu , Tiffany Bao , Tudor Dumitras

Due to the large amount of textual information available on Internet, it is of paramount relevance to use techniques that find relevant and concise content. A typical task devoted to the identification of informative sentences in documents…

Computation and Language · Computer Science 2018-03-23 Jorge V. Tohalino , Diego R. Amancio

(U.S) Rule-based policies to mitigate software risk suggest to use the CVSS score to measure the individual vulnerability risk and act accordingly: an HIGH CVSS score according to the NVD (National (U.S.) Vulnerability Database) is…

Cryptography and Security · Computer Science 2015-04-13 Luca Allodi , Fabio Massacci

The identification of vulnerabilities is an important element in the software development life cycle to ensure the security of software. While vulnerability identification based on the source code is a well studied field, the identification…

Cryptography and Security · Computer Science 2022-12-05 Andreas Schaad , Dominik Binder

The proliferation of software vulnerabilities poses a significant challenge for security databases and analysts tasked with their timely identification, classification, and remediation. With the National Vulnerability Database (NVD)…

Cryptography and Security · Computer Science 2024-03-05 Daniel Alfasi , Tal Shapira , Anat Bremler Barr

Large, complex networks are ubiquitous in nature and society, and there is great interest in developing rigorous, scalable methods for identifying and characterizing their vulnerabilities. This paper presents an approach for analyzing the…

Dynamical Systems · Mathematics 2010-12-30 Richard Colbaugh , Kristin Glass

The vast majority of cybersecurity information is unstructured text, including critical data within databases such as CVE, NVD, CWE, CAPEC, and the MITRE ATT&CK Framework. These databases are invaluable for analyzing attack patterns and…

Cryptography and Security · Computer Science 2024-12-24 Tanjim Bin Faruk

In this paper, we analyze the Common Platform Enumeration (CPE) dictionary and the Common Vulnerabilities and Exposures (CVE) feeds. These repositories are widely used in Vulnerability Management Systems (VMSs) to check for known…

Cryptography and Security · Computer Science 2017-05-16 Luis Alberto Benthin Sanguino , Rafael Uetz

In recent years, a proliferation of cyber-security threats and diversity has been on the rise culminating in an increase in their reporting and analysis. To counter that, many non-profit organizations have emerged in this domain, such as…

Cryptography and Security · Computer Science 2023-04-24 Ashraf Haddad , Najwa Aaraj , Preslav Nakov , Septimiu Fabian Mare

Vulnerability databases are vital sources of information on emergent software security concerns. Security professionals, from system administrators to developers to researchers, heavily depend on these databases to track vulnerabilities and…

Cryptography and Security · Computer Science 2020-06-29 Afsah Anwar , Ahmed Abusnaina , Songqing Chen , Frank Li , David Mohaisen

The National Vulnerability Database (NVD) publishes over a thousand new vulnerabilities monthly, with a projected 25 percent increase in 2024, highlighting the crucial need for rapid vulnerability identification to mitigate cybersecurity…

Computation and Language · Computer Science 2025-02-25 Rikhiya Ghosh , Hans-Martin von Stockhausen , Martin Schmitt , George Marica Vasile , Sanjeev Kumar Karn , Oladimeji Farri

This paper proposes a pipeline for quantitatively evaluating interactive LLMs such as ChatGPT using publicly available dataset. We carry out an extensive technical evaluation of ChatGPT using Big-Vul covering five different common software…

Software Engineering · Computer Science 2024-04-08 Xin Yin

Understanding the landscape of software vulnerabilities is key for developing effective security solutions. Fortunately, the evaluation of vulnerability databases that use a framework for communicating vulnerability attributes and their…

Cryptography and Security · Computer Science 2021-02-04 Assane Gueye , Peter Mell

Manual vulnerability scoring, such as assigning Common Vulnerability Scoring System (CVSS) scores, is a resource-intensive process that is often influenced by subjective interpretation. This study investigates the potential of…

Cryptography and Security · Computer Science 2026-01-06 Sima Jafarikhah , Daniel Thompson , Eva Deans , Hossein Siadati , Yi Liu