- research-article, December 2024
How Context Impacts Vulnerability Severity: An Analysis of Product-Specific CVSS Scores
- Lucas Senos Coutinho,
- Daniel Menasche,
- Lucas Miranda,
- Enrico Lovat,
- Srivastava Gaurav Kumar,
- Abhishek Ramchandran,
- Anton Kocheturov,
- Tobias Limmer
LADC '24: Proceedings of the 13th Latin-American Symposium on Dependable and Secure Computing, Pages 17–27, https://doi.org/10.1145/3697090.3697109
Software vulnerabilities are intrinsically related to product-specific characteristics. The properties of a vulnerability, along with its severity, must be assessed in the context of the product wherein the vulnerability is located. In this paper, our ...
MoreFixes: A Large-Scale Dataset of CVE Fix Commits Mined through Enhanced Repository Discovery
PROMISE 2024: Proceedings of the 20th International Conference on Predictive Models and Data Analytics in Software Engineering, Pages 42–51, https://doi.org/10.1145/3663533.3664036
Vulnerability datasets have become an important instrument in software security research, being used to develop automated, machine learning-based vulnerability detection and patching approaches. Yet, any limitations of these datasets may translate into ...
- extended-abstract, June 2024
Vulnerability Detection for software-intensive system
EASE '24: Proceedings of the 28th International Conference on Evaluation and Assessment in Software Engineering, Pages 510–515, https://doi.org/10.1145/3661167.3661170
Cyberattacks are becoming more sophisticated, and organizations are constantly under threat from various types of security breaches. To protect against these threats, it is essential to identify the vulnerability and impact of these weaknesses and ...
- research-article, April 2024
Is unsafe an Achilles' Heel? A Comprehensive Study of Safety Requirements in Unsafe Rust Programming
ICSE '24: Proceedings of the IEEE/ACM 46th International Conference on Software Engineering, Article No.: 106, Pages 1–13, https://doi.org/10.1145/3597503.3639136
Rust is an emerging, strongly-typed programming language focusing on efficiency and memory safety. With increasing projects adopting Rust, knowing how to use Unsafe Rust is crucial for Rust security. We observed that the description of safety ...
- extended-abstract, June 2023
Next-Generation Security Entity Linkage: Harnessing the Power of Knowledge Graphs and Large Language
SYSTOR '23: Proceedings of the 16th ACM International Conference on Systems and Storage, Page 150, https://doi.org/10.1145/3579370.3594759
With the continuous increase in reported Common Vulnerabilities and Exposures (CVEs), security teams are overwhelmed by vast amounts of data, which are often analyzed manually, leading to a slow and inefficient process. To address cybersecurity ...
Keyword Extraction from Specification Documents for Planning Security Mechanisms
ICSE '23: Proceedings of the 45th International Conference on Software Engineering, Pages 1661–1673, https://doi.org/10.1109/ICSE48619.2023.00143
Software development companies heavily invest both time and money to provide post-production support to fix security vulnerabilities in their products. Current techniques identify vulnerabilities from source code using static and dynamic analyses. ...
On Privacy Weaknesses and Vulnerabilities in Software Systems
ICSE '23: Proceedings of the 45th International Conference on Software Engineering, Pages 1071–1083, https://doi.org/10.1109/ICSE48619.2023.00097
In this digital era, our privacy is under constant threat as our personal data and traceable online/offline activities are frequently collected, processed and transferred by many software applications. Privacy attacks are often formed by exploiting ...
- short-paper, September 2022
Advisory: vulnerability analysis in software development project dependencies
SPLC '22: Proceedings of the 26th ACM International Systems and Software Product Line Conference - Volume B, Pages 99–102, https://doi.org/10.1145/3503229.3547058
Security has become a crucial factor in the development of software systems. The number of dependencies in software systems is becoming a source of countless bugs and vulnerabilities. In the past, the product line community has proposed several ...
- research-article, August 2022
Current Challenges of Cyber Threat and Vulnerability Identification Using Public Enumerations
ARES '22: Proceedings of the 17th International Conference on Availability, Reliability and Security, Article No.: 91, Pages 1–8, https://doi.org/10.1145/3538969.3544458
Identification of cyber threats is one of the essential tasks for security teams. Currently, cyber threats can be identified using knowledge organized into various formats, enumerations, and knowledge bases. This paper studies the current challenges of ...
- research-article, July 2022
The extent of orphan vulnerabilities from code reuse in open source software
ICSE '22: Proceedings of the 44th International Conference on Software Engineering, Pages 2104–2115, https://doi.org/10.1145/3510003.3510216
Motivation: A key premise of open source software is the ability to copy code to other open source projects (white-box reuse). Such copying accelerates development of new projects, but the code flaws in the original projects, such as vulnerabilities, may ...
- research-article, July 2022
V-SZZ: automatic identification of version ranges affected by CVE vulnerabilities
ICSE '22: Proceedings of the 44th International Conference on Software Engineering, Pages 2352–2364, https://doi.org/10.1145/3510003.3510113
Vulnerabilities publicly disclosed in the National Vulnerability Database (NVD) are assigned with CVE (Common Vulnerabilities and Exposures) IDs and associated with specific software versions. Many organizations, including IT companies and government, ...
- research-article, November 2022
Predicting the severity and exploitability of vulnerability reports using convolutional neural nets
EnCyCriS '22: Proceedings of the 3rd International Workshop on Engineering and Cybersecurity of Critical Systems, Pages 1–8, https://doi.org/10.1145/3524489.3527298
Common Vulnerability and Exposure (CVE) reports published by Vulnerability Management Systems (VMSs) are used to evaluate the severity and exploitability of software vulnerabilities. Public vulnerability databases such as NVD use the Common ...
- research-article, April 2022
Detecting and Augmenting Missing Key Aspects in Vulnerability Descriptions
ACM Transactions on Software Engineering and Methodology (TOSEM), Volume 31, Issue 3, Article No.: 49, Pages 1–27, https://doi.org/10.1145/3498537
Security vulnerabilities have been continually disclosed and documented. For the effective understanding, management, and mitigation of the fast-growing number of vulnerabilities, an important practice in documenting vulnerabilities is to describe the key ...
- research-article, March 2022
Vulnerability Forecasting: Theory and Practice
Digital Threats: Research and Practice (DTRAP), Volume 3, Issue 4, Article No.: 42, Pages 1–27, https://doi.org/10.1145/3492328
It is possible to forecast the volume of CVEs released within a time frame with a given prediction interval. For example, the number of CVEs published between now and a year from now can be forecast within 8% of the actual value. Different predictive ...
- short-paper, September 2021
User-Avatar Relationships in Various Contexts: Does Context Influence a Users’ Perception and Choice of an Avatar?
MuC '21: Proceedings of Mensch und Computer 2021, Pages 275–280, https://doi.org/10.1145/3473856.3474007
Avatars are in use when interacting in virtual environments in different contexts, in collaborative work, as well as in gaming and also in virtual meetings with friends. Therefore it is important to understand how the relationship between user and ...
- research-article, August 2021
Linking CVE’s to MITRE ATT&CK Techniques
ARES '21: Proceedings of the 16th International Conference on Availability, Reliability and Security, Article No.: 21, Pages 1–12, https://doi.org/10.1145/3465481.3465758
The MITRE Corporation is a non-profit organization that has made substantial efforts into creating and maintaining knowledge bases relevant to cybersecurity and has been widely adopted by the community. ATT&CK "Adversarial Tactics, Techniques, and Common ...
- research-article, August 2020
Fighting N-day vulnerabilities with automated CVSS vector prediction at disclosure
ARES '20: Proceedings of the 15th International Conference on Availability, Reliability and Security, Article No.: 26, Pages 1–10, https://doi.org/10.1145/3407023.3407038
The Common Vulnerability Scoring System (CVSS) is the industry standard for describing the characteristics of a software vulnerability and measuring its severity. However, during the first days after a vulnerability disclosure, the initial human ...
- short-paper, September 2020
Exploring the Security Awareness of the Python and JavaScript Open Source Communities
MSR '20: Proceedings of the 17th International Conference on Mining Software Repositories, Pages 16–20, https://doi.org/10.1145/3379597.3387513
Software security is undoubtedly a major concern in today's software engineering. Although the level of awareness of security issues is often high, practical experiences show that neither preventive actions nor reactions to possible issues are always ...
- research-article, September 2019
Cloud Computing Vulnerabilities Analysis
CCIOT '19: Proceedings of the 2019 4th International Conference on Cloud Computing and Internet of Things, Pages 48–53, https://doi.org/10.1145/3361821.3361830
Nowadays cloud computing technologies are the most widely used tools due to their great flexibility and also to their lower maintenance costs. Many vendors of cloud computing have appeared on the market for each type of cloud. These solutions still pose ...
- poster, April 2019
ThreatZoom: neural network for automated vulnerability mitigation
HotSoS '19: Proceedings of the 6th Annual Symposium on Hot Topics in the Science of Security, Article No.: 24, Pages 1–3, https://doi.org/10.1145/3314058.3318167
The increasing variety and quantity of cyber threats is making it evident that traditional human-in-the-loop approaches are no longer sufficient to keep systems safe. To address this momentous moot point, forward-thinking pioneers propose new cyber security ...