A survey on data-driven software vulnerability assessment and prioritization

THM Le, H Chen, MA Babar - ACM Computing Surveys, 2022 - dl.acm.org
Software Vulnerabilities (SVs) are increasing in complexity and scale, posing great security
risks to many software systems. Given the limited resources in practice, SV assessment and …

Multitask-based evaluation of open-source llm on software vulnerability

X Yin, C Ni, S Wang - IEEE Transactions on Software …, 2024 - ieeexplore.ieee.org
This paper proposes a pipeline for quantitatively evaluating interactive Large Language
Models (LLMs) using publicly available datasets. We carry out an extensive technical …

Distinguishing look-alike innocent and vulnerable code by subtle semantic representation learning and explanation

C Ni, X Yin, K Yang, D Zhao, Z Xing, X Xia - Proceedings of the 31st …, 2023 - dl.acm.org
Though many deep learning (DL)-based vulnerability detection approaches have been
proposed and indeed achieved remarkable performance, they still have limitations in the …

Automated event extraction of CVE descriptions

Y Wei, L Bo, X Sun, B Li, T Zhang, C Tao - Information and Software …, 2023 - Elsevier
Context: The dramatically increasing number of vulnerabilities makes manual vulnerability
analysis increasingly more difficult. Automatic extraction of vulnerability information can help …

Aspect-level information discrepancies across heterogeneous vulnerability reports: Severity, types and detection methods

J Sun, Z Xing, X Xia, Q Lu, X Xu, L Zhu - ACM Transactions on Software …, 2023 - dl.acm.org
Vulnerable third-party libraries pose significant threats to software applications that reuse
these libraries. At an industry scale of reuse, manual analysis of third-party library …

Silent vulnerable dependency alert prediction with vulnerability key aspect explanation

J Sun, Z Xing, Q Lu, X Xu, L Zhu… - 2023 IEEE/ACM 45th …, 2023 - ieeexplore.ieee.org
Due to convenience, open-source software is widely used. For beneficial reasons, open-source
maintainers often fix the vulnerabilities silently, exposing their users unaware of the …

Few-sample named entity recognition for security vulnerability reports by fine-tuning pre-trained language models

G Yang, S Dineen, Z Lin, X Liu - … , MLHat 2021, Virtual Event, August 15 …, 2021 - Springer
Public security vulnerability reports (e.g., CVE reports) play an important role in the
maintenance of computer and network systems. Security companies and administrators rely …

A statistical relational learning approach towards products, software vulnerabilities and exploits

CF Pereira, JGL de Oliveira, RA Santos… - … on Network and …, 2023 - ieeexplore.ieee.org
Data on software vulnerabilities, products, and exploits are typically collected from multiple
non-structured sources. Valuable information, e.g., on which products are affected by which …

Heterogeneous vulnerability report traceability recovery by vulnerability aspect matching

J Sun, Z Xing, X Xu, L Zhu, Q Lu - 2022 IEEE International …, 2022 - ieeexplore.ieee.org
Security databases describe characteristics of discovered vulnerabilities in text for future
studying and patching. However, due to different maintainers having different perspectives …

Dynamic Vulnerability Classification for Enhanced Cyber Situational Awareness

AA Malik, DK Tosh - 2023 IEEE International Systems …, 2023 - ieeexplore.ieee.org
The cyber-threat landscape and adversarial capabilities have strengthened significantly due to
the digital transformation and increased computational capacity of individuals. To stay …