A Survey on Data-driven Software Vulnerability Assessment and Prioritization-Reference-Cited by-同舟云学术

A Survey on Data-driven Software Vulnerability Assessment and Prioritization

Published:2022-12-03 Issue:5 Volume:55 Page:1-39
ISSN:0360-0300
Container-title:ACM Computing Surveys
language:en
Short-container-title:ACM Comput. Surv.

Author:

Le Triet H. M.¹^ORCID,Chen Huaming¹^ORCID,Babar M. Ali²^ORCID

Affiliation:

1. CREST - The Centre for Research on Engineering Software Technologies, The University of Adelaide Adelaide, Australia

2. CREST - The Centre for Research on Engineering Software Technologies, The University of Adelaide Adelaide, Australia and Cyber Security Cooperative Research Centre, Australia

Abstract

Software Vulnerabilities (SVs) are increasing in complexity and scale, posing great security risks to many software systems. Given the limited resources in practice, SV assessment and prioritization help practitioners devise optimal SV mitigation plans based on various SV characteristics. The surges in SV data sources and data-driven techniques such as Machine Learning and Deep Learning have taken SV assessment and prioritization to the next level. Our survey provides a taxonomy of the past research efforts and highlights the best practices for data-driven SV assessment and prioritization. We also discuss the current limitations and propose potential solutions to address such issues.

Funder

Cyber Security Research Centre Limited

Australian Government’s Cooperative Research Centres Programme

Publisher

Association for Computing Machinery (ACM)

Subject

General Computer Science,Theoretical Computer Science

Link

https://dl.acm.org/doi/pdf/10.1145/3529757

Reference222 articles.

1. ThreatZoom: CVE2CWE using hierarchical neural network;Aghaei Ehsan;arXiv preprint arXiv:2009.11501,2020

2. Predicting bug-fixing time: A replication study using an open source software project

3. Automated Generation of Attack Graphs Using NVD

4. LDA Categorization of Security Bug Reports in Chromium Projects

5. Proactive identification of exploits in the wild through vulnerability mentions online

Cited by 28 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. SQL injection attack: Detection, prioritization & prevention;Journal of Information Security and Applications;2024-09

2. A Compact Vulnerability Knowledge Graph for Risk Assessment;ACM Transactions on Knowledge Discovery from Data;2024-07-31

3. Vulnerability management digital twin for energy systems;Proceedings of the 19th International Conference on Availability, Reliability and Security;2024-07-30

4. Unveil the Mystery of Critical Software Vulnerabilities;Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering;2024-07-10

5. Software Vulnerability Prediction in Low-Resource Languages: An Empirical Study of CodeBERT and ChatGPT;Proceedings of the 28th International Conference on Evaluation and Assessment in Software Engineering;2024-06-18