English
Related papers

Related papers: CVE Breadcrumbs: Tracking Vulnerabilities Through …

200 papers

As the number of Common Vulnerabilities and Exposures (CVE) continues to grow exponentially, security teams face increasingly difficult decisions about prioritization. Current approaches using Common Vulnerability Scoring System (CVSS)…

Cryptography and Security · Computer Science 2026-03-05 Naoyuki Shimizu , Masaki Hashimoto

We present a constructive proof that a single C program, the \emph{Vulnerability Factory}, admits a countably infinite set of distinct, independently CVE-assignable software vulnerabilities. We formalise the argument using elementary set…

Computational Complexity · Computer Science 2026-05-04 Eireann Leverett , Jeroen van der Ham-de Vos

In 2024, the Linux kernel became its own Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA), formalizing how kernel vulnerabilities are identified and tracked. We analyze the anatomy and dynamics of kernel CVEs using…

Software Engineering · Computer Science 2026-05-26 Piotr Przymus , Witold Weiner , Krzysztof Rykaczewski , Gunnar Kudrjavets

Many public sources of cyber threat and vulnerability information exist to help defend cyber systems. This paper links MITRE's ATT&CK MATRIX of Tactics and Techniques, NIST's Common Weakness Enumerations (CWE), Common Vulnerabilities and…

Cryptography and Security · Computer Science 2021-02-11 Erik Hemberg , Jonathan Kelly , Michal Shlapentokh-Rothman , Bryn Reinstadler , Katherine Xu , Nick Rutar , Una-May O'Reilly

Third-party library dependencies are commonplace in today's software development. With the growing threat of security vulnerabilities, applying security fixes in a timely manner is important to protect software systems. As such, the…

Software Engineering · Computer Science 2022-05-18 Ayano Ikegami , Raula Gaikovina Kula , Bodin Chinthanet , Vittunyuta Maeprasart , Ali Ouni , Takashi Ishio , Kenichi Matsumoto

Vulnerabilities in open-source software can cause cascading effects in the modern digital ecosystem. It is especially worrying if these vulnerabilities repeat across many projects, as once the adversaries find one of them, they can scale up…

Cryptography and Security · Computer Science 2025-05-27 Jafar Akhoundali , Hamidreza Hamidi , Kristian Rietveld , Olga Gadyatskaya

Software vulnerabilities remain a critical security challenge, providing entry points for attackers into enterprise networks. Despite advances in security practices, the lack of high-quality datasets capturing diverse exploit behavior…

Cryptography and Security · Computer Science 2025-11-17 Alireza Lotfi , Charalampos Katsis , Elisa Bertino

This empirical paper examines the time delays that occur between the publication of Common Vulnerabilities and Exposures (CVEs) in the National Vulnerability Database (NVD) and the Common Vulnerability Scoring System (CVSS) information…

Cryptography and Security · Computer Science 2018-01-12 Jukka Ruohonen

We study 10 C/C++ projects that have been using a static analysis security testing tool. We analyze the historical scan reports generated by the tool and study how frequently memory-related alerts appeared. We also studied the subsequent…

Software Engineering · Computer Science 2021-04-12 Nasif Imtiaz , Laurie Williams

Open-source libraries are widely used by software developers to speed up the development of products, however, they can introduce security vulnerabilities, leading to incidents like Log4Shell. With the expanding usage of open-source…

Weaknesses in computer systems such as faults, bugs and errors in the architecture, design or implementation of software provide vulnerabilities that can be exploited by attackers to compromise the security of a system. Common Weakness…

Machine Learning · Computer Science 2021-02-24 Siddhartha Shankar Das , Edoardo Serra , Mahantesh Halappanavar , Alex Pothen , Ehab Al-Shaer

While there is a large body of work on analyzing concurrency related software bugs and developing techniques for detecting and patching them, little attention has been given to concurrency related security vulnerabilities. The two are…

Cryptography and Security · Computer Science 2022-12-13 Zunchen Huang , Shengjian Guo , Meng Wu , Chao Wang

The realm of technology frequently confronts threats posed by adversaries exploiting loopholes in programs. Among these, the Log4Shell vulnerability in the Log4j library stands out due to its widespread impact. Log4j, a prevalent software…

Cryptography and Security · Computer Science 2025-01-30 John Doll , Carson McCarthy , Hannah McDougall , Suman Bhunia

The identification of vulnerabilities is an important element in the software development life cycle to ensure the security of software. While vulnerability identification based on the source code is a well studied field, the identification…

Cryptography and Security · Computer Science 2022-12-05 Andreas Schaad , Dominik Binder

In this paper, we perform a comprehensive study of 2,470 patched Android vulnerabilities that we collect from different data sources such as Android security bulletins, CVEDetails, Qualcomm Code Aurora, AOSP Git repository, and Linux…

Cryptography and Security · Computer Science 2019-05-24 Sadegh Farhang , Mehmet Bahadir Kirdan , Aron Laszka , Jens Grossklags

The software build process transforms source code into deployable artifacts, representing a critical yet vulnerable stage in software development. Build infrastructure security poses unique challenges: the complexity of multi-component…

In recent years, code security has become increasingly important, especially with the rise of interconnected technologies. Detecting vulnerabilities early in the software development process has demonstrated numerous benefits. Consequently,…

Software Engineering · Computer Science 2024-07-22 José Gonçalves , Tiago Dias , Eva Maia , Isabel Praça

The Common Vulnerabilities and Exposures (CVE) represent standard means for sharing publicly known information security vulnerabilities. One or more CVEs are grouped into the Common Weakness Enumeration (CWE) classes for the purpose of…

Cryptography and Security · Computer Science 2022-04-04 Ehsan Aghaei , Waseem Shadid , Ehab Al-Shaer

Python applications depend on third-party native libraries that may be vendored within package distributions or installed on the host system. When vulnerabilities are discovered in these native libraries, determining which Python packages…

Due to the ever-increasing threat of cyber-attacks to critical cyber infrastructure, organizations are focusing on building their cybersecurity knowledge base. A salient list of cybersecurity knowledge is the Common Vulnerabilities and…

Cryptography and Security · Computer Science 2021-08-05 Benjamin Ampel , Sagar Samtani , Steven Ullman , Hsinchun Chen