English
Related papers

Related papers: Policy-Driven Vulnerability Risk Quantification fr…

200 papers

Enterprises are confronted with an unprecedented escalation in cybersecurity vulnerabilities, with thousands of new CVEs disclosed each month. Conventional prioritization frameworks such as CVSS offer static severity metrics that fail to…

Software Engineering · Computer Science 2026-05-26 Yelena Mujibur Sheikh , Awez Akhtar Khatik , Luoxi Tang , Yuqiao Meng , Zhaohan Xi

This paper presents the Cybersecurity Psychology Framework (CPF), a novel methodology for quantifying human-centric vulnerabilities in security operations through systematic integration of established psychological constructs with…

Cryptography and Security · Computer Science 2025-10-14 Giuseppe Canale

It is increasingly suggested to identify Software Vulnerabilities (SVs) in code commits to give early warnings about potential security risks. However, there is a lack of effort to assess vulnerability-contributing commits right after they…

Software Engineering · Computer Science 2021-08-19 Triet H. M. Le , David Hin , Roland Croft , M. Ali Babar

Considering the ever-evolving threat landscape and rapid changes in software development, we propose a risk assessment framework called SAFER (Software Analysis Framework for Evaluating Risk). This framework is based on the necessity of a…

Software Engineering · Computer Science 2024-12-25 Sarah Ali Siddiqui , Chandra Thapa , Rayne Holland , Wei Shao , Seyit Camtepe

Software Vulnerability (SV) assessment is a crucial process of determining different aspects of SVs (e.g., attack vectors and scope) for developers to effectively prioritize efforts in vulnerability mitigation. It presents a challenging and…

Software Engineering · Computer Science 2025-01-28 Xin-Cheng Wen , Jiaxin Ye , Cuiyun Gao , Lianwei Wu , Qing Liao

Cloud systems are dynamic environments which make it difficult to keep track of security risks that resources are exposed to. Traditionally, risk assessment is conducted for individual assets to evaluate existing threats; their results,…

Cryptography and Security · Computer Science 2022-06-16 Immanuel Kunz , Angelika Schneider , Christian Banse

Due to the ever-increasing threat of cyber-attacks to critical cyber infrastructure, organizations are focusing on building their cybersecurity knowledge base. A salient list of cybersecurity knowledge is the Common Vulnerabilities and…

Cryptography and Security · Computer Science 2021-08-05 Benjamin Ampel , Sagar Samtani , Steven Ullman , Hsinchun Chen

In this paper, we analyze the Common Platform Enumeration (CPE) dictionary and the Common Vulnerabilities and Exposures (CVE) feeds. These repositories are widely used in Vulnerability Management Systems (VMSs) to check for known…

Cryptography and Security · Computer Science 2017-05-16 Luis Alberto Benthin Sanguino , Rafael Uetz

The dynamic landscape of cybersecurity demands precise and scalable solutions for vulnerability management in heterogeneous systems, where configuration-specific vulnerabilities are often misidentified due to inconsistent data in databases…

Cryptography and Security · Computer Science 2025-05-21 Yuning Jiang , Feiyang Shang , Freedy Tan Wei You , Huilin Wang , Chia Ren Cong , Qiaoran Meng , Nay Oo , Hoon Wei Lim , Biplab Sikdar

Software Composition Analysis (SCA) has become pivotal in addressing vulnerabilities inherent in software project dependencies. In particular, reachability analysis is increasingly used in Open-Source Software (OSS) projects to identify…

Software Engineering · Computer Science 2025-06-25 Lyuye Zhang , Jian Zhang , Kaixuan Li , Chong Wang , Chengwei Liu , Jiahui Wu , Sen Chen , Yaowen Zheng , Yang Liu

Common Vulnerabilities and Exposures database (CVE) is one of the largest publicly available source of software and hardware vulnerability data and reports. In this work we analyze the CVE database in the context of IoT device and system…

Cryptography and Security · Computer Science 2020-07-01 Grzegorz J. Blinowski , Paweł Piotrowski

Cyberattacks on enterprise networks exploit complex dependencies among infrastructure, services, and applications, which challenge traditional analysis methods that focus on attack paths or network topology in isolation. In this study, we…

Cryptography and Security · Computer Science 2026-05-27 Joni Herttuainen , Vesa Kuikka , Kimmo K. Kaski

The Internet of Vehicles (IoV) equips vehicles with connectivity to the Internet and the Internet of Things (IoT) to support modern applications such as autonomous driving. However, the consolidation of complex computing domains of…

Cryptography and Security · Computer Science 2021-01-18 Jan Lauinger , Mudassar Aslam , Mohammad Hamad , Shahid Raza , Sebastian Steinhorst

The importance of cloud computing has grown over the last years, which resulted in a significant increase of Data Center (DC) network requirements. Virtualisation is one of the key drivers of that transformation and enables a massive…

Cryptography and Security · Computer Science 2023-04-13 Igor Ivkić , Dominik Thiede , Nicholas Race , Matthew Broadbent , Antonios Gouglidis

In cybersecurity, vulnerability assessment has typically focused on identifying and measuring vulnerabilities within digital assets and technical infrastructures. However, there is growing recognition that this approach alone is inadequate…

Identifying the vulnerabilities exploited during cyberattacks is essential for enabling timely responses and effective mitigation in software security. This paper directly examines the process of predicting software vulnerabilities,…

Cryptography and Security · Computer Science 2026-02-24 Refat Othman , Diaeddin Rimawi , Bruno Rossi , Barbara Russo

Software Vulnerabilities (SVs) are increasing in complexity and scale, posing great security risks to many software systems. Given the limited resources in practice, SV assessment and prioritization help practitioners devise optimal SV…

Software Engineering · Computer Science 2023-01-09 Triet H. M. Le , Huaming Chen , M. Ali Babar

In many sequential decision-making problems we may want to manage risk by minimizing some measure of variability in costs in addition to minimizing a standard criterion. Conditional value-at-risk (CVaR) is a relatively new risk measure that…

Artificial Intelligence · Computer Science 2014-07-14 Yinlam Chow , Mohammad Ghavamzadeh

Identifying the impact scope and scale is critical for software supply chain vulnerability assessment. However, existing studies face substantial limitations. First, prior studies either work at coarse package-level granularity, producing…

Software Engineering · Computer Science 2025-10-10 Bonan Ruan , Zhiwei Lin , Jiahao Liu , Chuqi Zhang , Kaihang Ji , Zhenkai Liang

In vulnerability assessments, software component-based CVE attribution is a common method to identify possibly vulnerable systems at scale. However, such version-centric approaches yield high false-positive rates for binary distributed…

Cryptography and Security · Computer Science 2022-09-13 René Helmke , Johannes vom Dorp