English
Related papers

Related papers: CVE representation to build attack positions graph…

200 papers

Understanding the landscape of software vulnerabilities is key for developing effective security solutions. Fortunately, the evaluation of vulnerability databases that use a framework for communicating vulnerability attributes and their…

Cryptography and Security · Computer Science 2021-02-04 Assane Gueye , Peter Mell

Organizations struggle to handle sheer number of vulnerabilities in their cloud environments. The de facto methodology used for prioritizing vulnerabilities is to use Common Vulnerability Scoring System (CVSS). However, CVSS has inherent…

Cryptography and Security · Computer Science 2022-06-23 Muhammed Fatih Bulut , Abdulhamid Adebayo , Daby Sow , Steve Ocepek

Vulnerability Detection (VD) using machine learning faces a significant challenge: the vast diversity of vulnerability types. Each Common Weakness Enumeration (CWE) represents a unique category of vulnerabilities with distinct…

Cryptography and Security · Computer Science 2024-08-06 Syafiq Al Atiiq , Christian Gehrmann , Kevin Dahlén , Karim Khalil

Vulnerability identification constitutes a task of high importance for cyber security. It is quite helpful for locating and fixing vulnerable functions in large applications. However, this task is rather challenging owing to the absence of…

Cryptography and Security · Computer Science 2023-06-09 Ammar Ahmed , Anwar Said , Mudassir Shabbir , Xenofon Koutsoukos

Critical vulnerabilities with Common Vulnerability Scoring System scores of 9.0 or higher pose severe risks to organisations' information systems. Timely detection and remediation are essential to minimise economic and reputational damage…

Cryptography and Security · Computer Science 2026-04-23 Lena Sinterhauf , Andreas Aßmuth , Roland Kaltefleiter

In the domain of security, vulnerabilities frequently remain undetected even after their exploitation. In this work, vulnerabilities refer to publicly disclosed flaws documented in Common Vulnerabilities and Exposures (CVE) reports.…

Cryptography and Security · Computer Science 2025-09-05 Refat Othman , Diaeddin Rimawi , Bruno Rossi , Barbara Russo

The National Vulnerability Database (NVD) is a major vulnerability database that is free to use for everyone. It provides information about vulnerabilities and further useful resources such as linked advisories and patches. The NVD is often…

Cryptography and Security · Computer Science 2024-09-20 Julia Wunder , Alan Corona , Andreas Hammer , Zinaida Benenson

Threat analysis is continuously growing in importance due to the always-increasing complexity and frequency of cyber attacks. Analyzing threats demands significant effort from security experts: different cybersecurity knowledge bases…

Cryptography and Security · Computer Science 2026-01-13 Andrea Ciavotta , Alessandro Palma , Simone Lenti , Silvia Bonomi

Public vulnerability databases such as CVE and NVD account for only 60% of security vulnerabilities present in open-source projects, and are known to suffer from inconsistent quality. Over the last two years, there has been considerable…

Software Engineering · Computer Science 2019-11-19 Achyudh Ram , Ji Xin , Meiyappan Nagappan , Yaoliang Yu , Rocío Cabrera Lozoya , Antonino Sabetta , Jimmy Lin

Understanding cyber security is increasingly important for individuals and organizations. However, a lot of information related to cyber security can be difficult to understand to those not familiar with the topic. In this study, we focus…

Computation and Language · Computer Science 2026-02-13 Varpu Vehomäki , Kimmo K. Kaski

In today's rapidly evolving technological landscape and advanced software development, the rise in cyber security attacks has become a pressing concern. The integration of robust cyber security defenses has become essential across all…

Software Engineering · Computer Science 2023-11-02 Mounika Vanamala , Keith Bryant , Alex Caravella

Software projects are dependent on many third-party libraries, therefore high-risk vulnerabilities can propagate through the dependency chain to downstream projects. Owing to the subjective nature of patch management, software vendors…

Software Engineering · Computer Science 2024-09-16 Mei Han , Lulu Wang , Jianming Chang , Bixin Li , Chunguang Zhang

The Common Vulnerability Scoring System (CVSS) is a popular method for evaluating the severity of vulnerabilities in vulnerability management. In the evaluation process, a numeric score between 0 and 10 is calculated, 10 being the most…

Cryptography and Security · Computer Science 2024-05-09 Julia Wunder , Andreas Kurtz , Christian Eichenmüller , Freya Gassmann , Zinaida Benenson

As interconnected systems proliferate, safeguarding complex infrastructures against an escalating array of cyber threats has become an urgent challenge. The increasing number of vulnerabilities, combined with resource constraints, makes…

Cryptography and Security · Computer Science 2025-02-18 Yuning Jiang , Nay Oo , Qiaoran Meng , Hoon Wei Lim , Biplab Sikdar

High-quality datasets of real-world vulnerabilities and their corresponding verifiable exploits are crucial resources in software security research. Yet such resources remain scarce, as their creation demands intensive manual effort and…

Software vulnerabilities are commonly exploited as attack vectors in cyberattacks. Hence, it is crucial to identify vulnerable software configurations early to apply preventive measures. Effective vulnerability detection relies on…

Cryptography and Security · Computer Science 2024-12-24 Devesh Sawant , Manjesh K. Hanawal , Atul Kabra

When a new computer security vulnerability is publicly disclosed, only a textual description of it is available. Cybersecurity experts later provide an analysis of the severity of the vulnerability using the Common Vulnerability Scoring…

Computation and Language · Computer Science 2021-11-17 Mustafizur Shahid , Hervé Debar

Software vulnerabilities are flaws in computer software systems that pose significant threats to the integrity, security, and reliability of modern software and its application data. These vulnerabilities can lead to substantial economic…

Software Engineering · Computer Science 2024-11-11 Penghui Liu , Yingzhou Bi , Jiangtao Huang , Xinxin Jiang , Lianmei Wang

This research focuses on transforming CVEs to hands-on educational lab for cybersecurity training. The study shows the practical application of CVEs by developing containerized lab environments- Docker to simulate real-world vulnerabilities…

Cryptography and Security · Computer Science 2025-09-16 Trueye Tafese

Confidential Virtual Machines (CVMs) provide isolation guarantees for data in use, but their threat model does not include physical level protection and side-channel attacks. Therefore, current deployments rely on trusted cloud providers to…

Cryptography and Security · Computer Science 2025-06-19 Filip Rezabek , Jonathan Passerat-Palmbach , Moe Mahhouk , Frieder Erdmann , Andrew Miller