A survey on data-driven software vulnerability assessment and prioritization

THM Le, H Chen, MA Babar - ACM Computing Surveys, 2022 - dl.acm.org
Software Vulnerabilities (SVs) are increasing in complexity and scale, posing great security
risks to many software systems. Given the limited resources in practice, SV assessment and …

Data preparation for software vulnerability prediction: A systematic literature review

R Croft, Y Xie, MA Babar - IEEE Transactions on Software …, 2022 - ieeexplore.ieee.org
Software Vulnerability Prediction (SVP) is a data-driven technique for software quality
assurance that has recently gained considerable attention in the Software Engineering …

Data quality for software vulnerability datasets

R Croft, MA Babar, MM Kholoosi - 2023 IEEE/ACM 45th …, 2023 - ieeexplore.ieee.org
The use of learning-based techniques to achieve automated software vulnerability detection
has been of longstanding interest within the software security domain. These data-driven …

Fine-grained commit-level vulnerability type prediction by CWE tree structure

S Pan, L Bao, X Xia, D Lo, S Li - 2023 IEEE/ACM 45th …, 2023 - ieeexplore.ieee.org
Identifying security patches via code commits to allow early warnings and timely fixes for
Open Source Software (OSS) has received increasing attention. However, the existing …

Detecting and augmenting missing key aspects in vulnerability descriptions

H Guo, S Chen, Z Xing, X Li, Y Bai, J Sun - ACM Transactions on …, 2022 - dl.acm.org
Security vulnerabilities have been continually disclosed and documented. For the effective
understanding, management, and mitigation of the fast-growing number of vulnerabilities, an …

Transferability of machine learning algorithm for IoT device profiling and identification

PK Danso, S Dadkhah, ECP Neto… - IEEE Internet of …, 2023 - ieeexplore.ieee.org
The lack of appropriate cyber security measures deployed on Internet of Things (IoT) makes
these devices prone to security issues. Consequently, the timely identification and detection …

Software composition analysis for vulnerability detection: An empirical study on Java projects

L Zhao, S Chen, Z Xu, C Liu, L Zhang, J Wu… - Proceedings of the 31st …, 2023 - dl.acm.org
Software composition analysis (SCA) tools are proposed to detect potential vulnerabilities
introduced by open-source software (OSS) imported as third-party libraries (TPL). With the …

A selective ensemble model for cognitive cybersecurity analysis

Y Jiang, Y Atif - Journal of Network and Computer Applications, 2021 - Elsevier
Dynamic data-driven vulnerability assessments face massive heterogeneous data contained
in, and produced by SOCs (Security Operations Centres). Manual vulnerability assessment …

Vullibgen: Identifying vulnerable third-party libraries via generative pre-trained model

T Chen, L Li, L Zhu, Z Li, G Liang, D Li, Q Wang… - arXiv preprint arXiv …, 2023 - arxiv.org
To avoid potential risks posed by vulnerabilities in third-party libraries, security researchers
maintain vulnerability databases (e.g., NVD) containing vulnerability reports, each of which …

Shedding light on CVSS scoring inconsistencies: A user-centric study on evaluating widespread security vulnerabilities

J Wunder, A Kurtz, C Eichenmüller… - … IEEE Symposium on …, 2024 - ieeexplore.ieee.org
The Common Vulnerability Scoring System (CVSS) is a popular method for evaluating the
severity of vulnerabilities in vulnerability management. In the evaluation process, a numeric …