A survey on data-driven software vulnerability assessment and prioritization
Software Vulnerabilities (SVs) are increasing in complexity and scale, posing great security
risks to many software systems. Given the limited resources in practice, SV assessment and …
risks to many software systems. Given the limited resources in practice, SV assessment and …
Linking cve's to mitre att&ck techniques
A Kuppa, L Aouad, NA Le-Khac - … of the 16th International Conference on …, 2021 - dl.acm.org
The MITRE Corporation is a non-profit organization that has made substantial efforts into
creating and maintaining knowledge bases relevant to cybersecurity and has been widely …
creating and maintaining knowledge bases relevant to cybersecurity and has been widely …
Fighting N-day vulnerabilities with automated CVSS vector prediction at disclosure
C Elbaz, L Rilling, C Morin - … of the 15th International Conference on …, 2020 - dl.acm.org
The Common Vulnerability Scoring System (CVSS) is the industry standard for describing
the characteristics of a software vulnerability and measuring its severity. However, during the …
the characteristics of a software vulnerability and measuring its severity. However, during the …
Cvss-bert: Explainable natural language processing to determine the severity of a computer security vulnerability from its description
When a new computer security vulnerability is publicly disclosed, only a textual description
of it is available. Cybersecurity experts later provide an analysis of the severity of the …
of it is available. Cybersecurity experts later provide an analysis of the severity of the …
Evocatio: Conjuring bug capabilities from a single poc
Z Jiang, S Gan, A Herrera, F Toffalini… - Proceedings of the …, 2022 - dl.acm.org
The popularity of coverage-guided greybox fuzzers has led to a tsunami of security-critical
bugs that developers must prioritize and fix. Knowing the capabilities a bug exposes (eg …
bugs that developers must prioritize and fix. Knowing the capabilities a bug exposes (eg …
Common vulnerability scoring system prediction based on open source intelligence information sources
The number of newly published vulnerabilities is constantly increasing. Until now, the
information available when a new vulnerability is published is manually assessed by experts …
information available when a new vulnerability is published is manually assessed by experts …
[HTML][HTML] Reliability assessment of cyber-physical power systems considering the impact of predicted cyber vulnerabilities
This paper presents a reliability assessment technique for cyber-physical power systems
(CPPSs) that incorporates cybersecurity issues by considering non-normal random …
(CPPSs) that incorporates cybersecurity issues by considering non-normal random …
Enhanced (cyber) situational awareness: Using interpretable principal component analysis (iPCA) to automate vulnerability severity scoring
Abstract The Common Vulnerability Scoring System (CVSS) is widely used in the
cybersecurity industry to assess the severity of vulnerabilities. However, manual …
cybersecurity industry to assess the severity of vulnerabilities. However, manual …
[HTML][HTML] A selective ensemble model for cognitive cybersecurity analysis
Dynamic data-driven vulnerability assessments face massive heterogeneous data contained
in, and produced by SOCs (Security Operations Centres). Manual vulnerability assessment …
in, and produced by SOCs (Security Operations Centres). Manual vulnerability assessment …
Summarizing vulnerabilities' descriptions to support experts during vulnerability assessment activities
ER Russo, A Di Sorbo, CA Visaggio… - Journal of Systems and …, 2019 - Elsevier
Vulnerabilities affecting software and systems have to be promptly fixed, to prevent
violations to integrity, availability and confidentiality policies of targeted organizations. Once …
violations to integrity, availability and confidentiality policies of targeted organizations. Once …