English
Related papers

Related papers: CVE representation to build attack positions graph…

200 papers

The proliferation of software vulnerabilities poses a significant challenge for security databases and analysts tasked with their timely identification, classification, and remediation. With the National Vulnerability Database (NVD)…

Cryptography and Security · Computer Science 2024-03-05 Daniel Alfasi , Tal Shapira , Anat Bremler Barr

Software vulnerabilities continue to pose significant threats to modern information systems, requiring a timely and accurate risk assessment. Public repositories, such as the National Vulnerability Database and CVE details, are regularly…

Cryptography and Security · Computer Science 2026-04-09 Luat Do , Jiao Yin , Jinli Cao , Hua Wang

Vulnerability databases, such as the National Vulnerability Database (NVD), offer detailed descriptions of Common Vulnerabilities and Exposures (CVEs), but often lack information on their real-world impact, such as the tactics, techniques,…

Cryptography and Security · Computer Science 2025-10-21 Anders Mølmen Høst , Pierre Lison , Leon Moonen

The National Vulnerability Disclosure Database is an invaluable source of information for security professionals and researchers. However, in some cases, a vulnerability report is initially published with incomplete information, a situation…

Cryptography and Security · Computer Science 2023-03-15 Kobra Khanmohammadi , Raphael Khoury

Data-driven research on the automated discovery and repair of security vulnerabilities in source code requires comprehensive datasets of real-life vulnerable code and their fixes. To assist in such research, we propose a method to…

Software Engineering · Computer Science 2022-02-08 Guru Prasad Bhandari , Amara Naseer , Leon Moonen

Security assessment relies on public information about products, vulnerabilities, and weaknesses. So far, databases in these categories have rarely been analyzed in combination. Yet, doing so could help predict unreported vulnerabilities…

Cryptography and Security · Computer Science 2024-02-13 Zhenpeng Shi , Nikolay Matyunin , Kalman Graffi , David Starobinski

Knowledge graphs have shown promise for several cybersecurity tasks, such as vulnerability assessment and threat analysis. In this work, we present a new method for constructing a vulnerability knowledge graph from information in the…

Cryptography and Security · Computer Science 2023-05-16 Anders Mølmen Høst , Pierre Lison , Leon Moonen

Vulnerabilities in software security can remain undiscovered even after being exploited. Linking attacks to vulnerabilities helps experts identify and respond promptly to the incident. This paper introduces VULDAT, a classification tool…

Cryptography and Security · Computer Science 2024-07-12 Refat Othman , Bruno Rossi , Barbara Russo

The dynamic landscape of cybersecurity demands precise and scalable solutions for vulnerability management in heterogeneous systems, where configuration-specific vulnerabilities are often misidentified due to inconsistent data in databases…

Cryptography and Security · Computer Science 2025-05-21 Yuning Jiang , Feiyang Shang , Freedy Tan Wei You , Huilin Wang , Chia Ren Cong , Qiaoran Meng , Nay Oo , Hoon Wei Lim , Biplab Sikdar

This paper presents a systematic study on the security of modern file systems, following a vulnerability-centric perspective. Specifically, we collected 377 file system vulnerabilities committed to the CVE database in the past 20 years. We…

Cryptography and Security · Computer Science 2022-04-28 Jinghan Sun , Shaobo Li , Jun Xu , Jian Huang

ICS environments are vital to the operation of critical infrastructure such as power grids, water treatment facilities, and manufacturing plants. However, these systems are vulnerable to cyber attacks due to their reliance on interconnected…

Cryptography and Security · Computer Science 2024-12-02 Can Ozkan , Dave Singelee

The exponential growth of Common Vulnerabilities and Exposures (CVE) disclosures poses significant challenges for enterprise security management, necessitating automated and quantitative risk assessment methodologies. Existing vulnerability…

Cryptography and Security · Computer Science 2026-04-09 Wanru Shao

The rapid increase in cybersecurity vulnerabilities necessitates automated tools for analyzing and classifying vulnerability reports. This paper presents a novel Vulnerability Report Classifier that leverages the BERT (Bidirectional Encoder…

Cryptography and Security · Computer Science 2025-03-28 Himanshu Tiwari

A preliminary attempt to use cryptographic keywords and analyze vulnerabilities published in the National Vulnerability Database is presented. Basic statistics and visualizations are included.

Cryptography and Security · Computer Science 2024-12-04 Martin Stanek

Mainstream software applications and tools are the configurable platforms with an enormous number of parameters along with their values. Certain settings and possible interactions between these parameters may harden (or soften) the security…

Software Engineering · Computer Science 2020-06-17 Shuvalaxmi Dass , Akbar Siami Namin

The number of newly published vulnerabilities is constantly increasing. Until now, the information available when a new vulnerability is published is manually assessed by experts using a Common Vulnerability Scoring System (CVSS) vector and…

Cryptography and Security · Computer Science 2022-10-06 Philipp Kuehn , David N. Relke , Christian Reuter

We present a novel idea on adequacy testing called ``{vulnerability coverage}.'' The introduced coverage measure examines the underlying software for the presence of certain classes of vulnerabilities often found in the National…

Cryptography and Security · Computer Science 2020-06-17 Shuvalaxmi Dass , Akbar Siami Namin

Accurate mapping between Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) entries is critical for effective vulnerability management and risk assessment. However, public databases, such as the National…

Cryptography and Security · Computer Science 2026-04-27 Sevval Simsek , Varsha Athreya , David Starobinski

With the drastic increase in the number of new vulnerabilities in the National Vulnerability Database (NVD) every year, the workload for NVD analysts to associate the Common Platform Enumeration (CPE) with the Common Vulnerabilities and…

Cryptography and Security · Computer Science 2024-05-24 Wanyu Hu , Vrizlynn L. L. Thing

As the number of Common Vulnerabilities and Exposures (CVE) continues to grow exponentially, security teams face increasingly difficult decisions about prioritization. Current approaches using Common Vulnerability Scoring System (CVSS)…

Cryptography and Security · Computer Science 2026-03-05 Naoyuki Shimizu , Masaki Hashimoto