Evaluating CVSS base score using vulnerability rewards programs
CVSS Base Score and the underlying metrics have been widely used. Recently there have
been attempts to validate them. Some of the researchers have questioned the CVSS metrics …
been attempts to validate them. Some of the researchers have questioned the CVSS metrics …
VIET: A tool for extracting essential information from vulnerability descriptions for CVSS evaluation
Security vulnerabilities can be patched in order based on their severity as indicated by an
assigned score, to minimize the chance and impact of potential exploits. However, it often …
assigned score, to minimize the chance and impact of potential exploits. However, it often …
Vuldeepecker: A deep learning-based system for vulnerability detection
The automatic detection of software vulnerabilities is an important research problem.
However, existing solutions to this problem rely on human experts to define features and …
However, existing solutions to this problem rely on human experts to define features and …
Shedding Light on CVSS Scoring Inconsistencies: A User-Centric Study on Evaluating Widespread Security Vulnerabilities
J Wunder, A Kurtz, C Eichenmüller… - arXiv preprint arXiv …, 2023 - arxiv.org
The Common Vulnerability Scoring System (CVSS) is a popular method for evaluating the
severity of vulnerabilities in vulnerability management. In the evaluation process, a numeric …
severity of vulnerabilities in vulnerability management. In the evaluation process, a numeric …
Enabling Multi-Layer Threat Analysis in Dynamic Cloud Environments
Most Threat Analysis (TA) techniques analyze threats to targeted assets (eg, components,
services) by considering static interconnections among them. However, in dynamic …
services) by considering static interconnections among them. However, in dynamic …
Spiral^ SRA: a threat-specific security risk assessment framework for the cloud
Conventional security risk assessment approaches for cloud infrastructures do not explicitly
consider risk with respect to specific threats. This is a challenge for a cloud provider because …
consider risk with respect to specific threats. This is a challenge for a cloud provider because …
The Holy Grail of Vulnerability Predictions
F Massacci - IEEE Security & Privacy, 2024 - ieeexplore.ieee.org
The Holy Grail of Vulnerability Predictions Page 1 4 January/February 2024 Copublished by
the IEEE Computer and Reliability Societies 1540-7993/24©2024IEEE FROM THE EDITORS …
the IEEE Computer and Reliability Societies 1540-7993/24©2024IEEE FROM THE EDITORS …
An empirical study of deep learning models for vulnerability detection
B Steenhoek, MM Rahman, R Jiles… - 2023 IEEE/ACM 45th …, 2023 - ieeexplore.ieee.org
Deep learning (DL) models of code have recently reported great progress for vulnerability
detection. In some cases, DL-based models have outperformed static analysis tools …
detection. In some cases, DL-based models have outperformed static analysis tools …
Interpreting deep learning-based vulnerability detector predictions based on heuristic searching
Detecting software vulnerabilities is an important problem and a recent development in
tackling the problem is the use of deep learning models to detect software vulnerabilities …
tackling the problem is the use of deep learning models to detect software vulnerabilities …
Threat modeling for cloud infrastructures
N Alhebaishi, L Wang, A Singhal - EAI Endorsed Transactions …, 2018 - publications.eai.eu
Today's businesses are increasingly relying on the cloud as an alternative IT solution due to
its flexibility and lower cost. Compared to traditional enterprise networks, a cloud …
its flexibility and lower cost. Compared to traditional enterprise networks, a cloud …