- research-article, December 2024
How Context Impacts Vulnerability Severity: An Analysis of Product-Specific CVSS Scores
- Lucas Senos Coutinho,
- Daniel Menasche,
- Lucas Miranda,
- Enrico Lovat,
- Srivastava Gaurav Kumar,
- Abhishek Ramchandran,
- Anton Kocheturov,
- Tobias Limmer
LADC '24: Proceedings of the 13th Latin-American Symposium on Dependable and Secure Computing, Pages 17–27, https://doi.org/10.1145/3697090.3697109
Abstract: Software vulnerabilities are intrinsically related to product-specific characteristics. The properties of a vulnerability, along with its severity, must be assessed in the context of the product wherein the vulnerability is located. In this paper, our ...
- research-article, November 2024
Enhanced (cyber) situational awareness: Using interpretable principal component analysis (iPCA) to automate vulnerability severity scoring
Abstract: The Common Vulnerability Scoring System (CVSS) is widely used in the cybersecurity industry to assess the severity of vulnerabilities. However, manual assessments and human error can lead to delays and inconsistencies. This study employs ...
Highlights:
- Introducing an innovative ML approach for forecasting Common Vulnerability Scoring System (CVSS) scores.
- Proposing a theory-driven method for forecasting CVSS scores using cyber situational awareness theory.
- Utilizing interpretable ...
MoreFixes: A Large-Scale Dataset of CVE Fix Commits Mined through Enhanced Repository Discovery
PROMISE 2024: Proceedings of the 20th International Conference on Predictive Models and Data Analytics in Software Engineering, Pages 42–51, https://doi.org/10.1145/3663533.3664036
Abstract: Vulnerability datasets have become an important instrument in software security research, being used to develop automated, machine learning-based vulnerability detection and patching approaches. Yet, any limitations of these datasets may translate into ...
- extended-abstract, June 2024
Vulnerability Detection for software-intensive system
EASE '24: Proceedings of the 28th International Conference on Evaluation and Assessment in Software Engineering, Pages 510–515, https://doi.org/10.1145/3661167.3661170
Abstract: Cyberattacks are becoming more sophisticated, and organizations are constantly under threat from various types of security breaches. To protect against these threats, it is essential to identify the vulnerability and impact of these weaknesses and ...
- research-article, July 2024
Evaluating the effectiveness of a security flaws prevention tool
Information and Software Technology (INST), Volume 170, Issue C, https://doi.org/10.1016/j.infsof.2024.107427
Abstract: Context: Securing code is crucial for all software stakeholders. Nevertheless, state-of-the-art tools are imperfect and tend to miss critical errors, resulting in zero-day vulnerabilities. Thus, there is a need for alternatives to mitigate such ...
- research-article, April 2024
Is unsafe an Achilles' Heel? A Comprehensive Study of Safety Requirements in Unsafe Rust Programming
ICSE '24: Proceedings of the IEEE/ACM 46th International Conference on Software Engineering, Article No.: 106, Pages 1–13, https://doi.org/10.1145/3597503.3639136
Abstract: Rust is an emerging, strongly-typed programming language focusing on efficiency and memory safety. With increasing projects adopting Rust, knowing how to use Unsafe Rust is crucial for Rust security. We observed that the description of safety ...
- Article, April 2024
Analysis of Cryptographic CVEs: Lessons Learned and Perspectives
Abstract: Cryptographic vulnerabilities can have a particularly far-reaching impact due to the ubiquity of cryptographic software. In this paper, we describe 30 cryptographic vulnerabilities, classify them according to a taxonomy published in previous work, ...
- research-article, December 2023
Longitudinal risk-based security assessment of docker software container images
Abstract: As the use of software containerisation has increased, so too has the need for security research on their usage, with various surveys and studies conducted to assess the overall security posture of software container images. To date, there has ...
- Article, March 2024
On the Usage of NLP on CVE Descriptions for Calculating Risk
Computer Security. ESORICS 2023 International Workshops, Pages 104–123, https://doi.org/10.1007/978-3-031-54204-6_6
Abstract: In order to conduct a risk analysis on an ecosystem the potential threats to its assets must first be identified. The Risk Modelling Tool (RMT) of the CitySCAPE Project uses CWE - CAPEC - threat relationships that were mapped for identifying the ...
- Article, June 2024
Mapping and Analysis of Common Vulnerabilities in Popular Web Servers
Abstract: The digitalization of the modern society has made many organizations susceptible to cybercrime through exploitations of software vulnerabilities. The popular web servers Apache HTTP and Nginx make up around 65% of the market for web server ...
- Article, January 2024
Enriching Vulnerability Reports Through Automated and Augmented Description Summarization
Abstract: Security incidents and data breaches are increasing rapidly, and only a fraction of them is being reported. Public vulnerability databases, e.g., national vulnerability database (NVD) and common vulnerability and exposure (CVE), have been leading ...
- Article, July 2023
Prevention of Cyber-Attacks and Privacy Breaches in Healthcare Sector
Computational Science and Its Applications – ICCSA 2023 Workshops, Pages 162–178, https://doi.org/10.1007/978-3-031-37120-2_11
Abstract: Periodically, analysts in the cybersecurity sector collect and share relevant data about recent cybercrime trends. These insights cover many aspects of the current cyber-threat scenario, including actors involved, motivations of the attacks, ...
- extended-abstract, June 2023
Next-Generation Security Entity Linkage: Harnessing the Power of Knowledge Graphs and Large Language
SYSTOR '23: Proceedings of the 16th ACM International Conference on Systems and Storage, Page 150, https://doi.org/10.1145/3579370.3594759
Abstract: With the continuous increase in reported Common Vulnerabilities and Exposures (CVEs), security teams are overwhelmed by vast amounts of data, which are often analyzed manually, leading to a slow and inefficient process. To address cybersecurity ...
Keyword Extraction from Specification Documents for Planning Security Mechanisms
ICSE '23: Proceedings of the 45th International Conference on Software Engineering, Pages 1661–1673, https://doi.org/10.1109/ICSE48619.2023.00143
Abstract: Software development companies heavily invest both time and money to provide post-production support to fix security vulnerabilities in their products. Current techniques identify vulnerabilities from source code using static and dynamic analyses. ...
On Privacy Weaknesses and Vulnerabilities in Software Systems
ICSE '23: Proceedings of the 45th International Conference on Software Engineering, Pages 1071–1083, https://doi.org/10.1109/ICSE48619.2023.00097
Abstract: In this digital era, our privacy is under constant threat as our personal data and traceable online/offline activities are frequently collected, processed and transferred by many software applications. Privacy attacks are often formed by exploiting ...
- Article, October 2023
Generic Error SDP and Generic Error CVE
Abstract: This paper introduces a new family of CVE schemes built from generic errors (GE-CVE) and identifies a vulnerability therein. To introduce the problem, we generalize the concept of error sets beyond those defined by a metric, and use the set-...
- research-article, March 2024
An application for collecting and mining reports referring vulnerabilities and exposures in physical systems: A comparative study of selected clustering methods
Procedia Computer Science (PROCS), Volume 225, Issue C, Pages 2763–2772, https://doi.org/10.1016/j.procs.2023.10.268
Abstract: This paper describes an application dedicated to collecting and mining reports of software safety vulnerabilities and exposures in physical systems. This work focuses on the clustering problem of such reports, which means grouping them through ...
- research-article, December 2022
Attack Dynamics: An Automatic Attack Graph Generation Framework Based on System Topology, CAPEC, CWE, and CVE Databases
Abstract: Through a built-in security analysis feature based on metadata, this article provides a novel framework that starts with a scenario input and produces a collection of visualizations based on Common Attack Pattern Enumeration and ...
- short-paper, September 2022
Advisory: vulnerability analysis in software development project dependencies
SPLC '22: Proceedings of the 26th ACM International Systems and Software Product Line Conference - Volume B, Pages 99–102, https://doi.org/10.1145/3503229.3547058
Abstract: Security has become a crucial factor in the development of software systems. The number of dependencies in software systems is becoming a source of countless bugs and vulnerabilities. In the past, the product line community has proposed several ...
- Article, August 2022
Threat Detection and Mitigation with Honeypots: A Modular Approach for IoT
Trust, Privacy and Security in Digital Business, Pages 66–80, https://doi.org/10.1007/978-3-031-17926-6_5
Abstract: A honeypot is a controlled and secure environment to examine different threats and understand attack patterns. Due to the highly dynamic environments, the growing adoption and use of Internet of Things (IoT) devices make configuring honeypots ...