A Survey on Data-driven Software Vulnerability Assessment and Prioritization

Cited by: 14
Authors
Le, Triet H. M. [1]
Chen, Huaming [1]
Babar, M. Ali [1, 2]
Affiliations
[1] Univ Adelaide, CREST Ctr Res Engn Software Technol, Adelaide, SA, Australia
[2] Cyber Secur Cooperat Res Ctr, Joondalup, Australia
Keywords
Software vulnerability; Vulnerability assessment and prioritization; NEURAL-NETWORKS; SEVERITY; CLASSIFICATION; FRAMEWORK; PATTERNS; TIME;
DOI
10.1145/3529757
CLC (Chinese Library Classification) number
TP301 [Theory and methods];
Subject classification code
081202;
Abstract
Software Vulnerabilities (SVs) are increasing in complexity and scale, posing great security risks to many software systems. Given the limited resources in practice, SV assessment and prioritization help practitioners devise optimal SV mitigation plans based on various SV characteristics. The surges in SV data sources and data-driven techniques such as Machine Learning and Deep Learning have taken SV assessment and prioritization to the next level. Our survey provides a taxonomy of the past research efforts and highlights the best practices for data-driven SV assessment and prioritization. We also discuss the current limitations and propose potential solutions to address such issues.
Pages: 39
Related papers
50 in total
  • [1] Enhancing Vulnerability Prioritization: Data-Driven Exploit Predictions with Community-Driven Insights
    Jacobs, Jay
    Romanosky, Sasha
    Suciu, Octavian
    Edwards, Ben
    Sarabi, Armin
    [J]. 2023 IEEE EUROPEAN SYMPOSIUM ON SECURITY AND PRIVACY WORKSHOPS, EUROS&PW, 2023, : 194 - 206
  • [2] A Comparison of Data-Driven Groundwater Vulnerability Assessment Methods
    Sorichetta, Alessandro
    Ballabio, Cristiano
    Masetti, Marco
    Robinson, Gilpin R., Jr.
    Sterlacchini, Simone
    [J]. GROUND WATER, 2013, 51 (06) : 866 - 879
  • [3] Towards data-driven software engineering skills assessment
    Lin, Jun
    Yu, Han
    Pan, Zhengxiang
    Shen, Zhiqi
    Cui, Lizhen
    [J]. International Journal of Crowd Science, 2018, 2 (02) : 123 - 135
  • [4] Data-driven Process Prioritization in Process Networks
    Kratsch, Wolfgang
    Manderscheid, Jonas
    Reissner, Daniel
    Roeglinger, Maximilian
    [J]. DECISION SUPPORT SYSTEMS, 2017, 100 : 27 - 40
  • [5] A Survey on Software Vulnerability Exploitability Assessment
    Elder, Sarah
    Rahman, Md Rayhanur
    Fringer, Gage
    Kapoor, Kunal
    Williams, Laurie
    [J]. ACM COMPUTING SURVEYS, 2024, 56 (08)
  • [6] Information Entropy Based Prioritization Strategy for Data-driven Transient Stability Batch Assessment
    Yan, Rong
    Wang, Zhaoyu
    Yuan, Yuxuan
    Geng, Guangchao
    Jiang, Quanyuan
    [J]. CSEE JOURNAL OF POWER AND ENERGY SYSTEMS, 2021, 7 (03) : 443 - 455
  • [7] An Extended Assessment of Data-driven Bayesian Networks in Software Effort Prediction
    Tierno, Ivan A. P.
    Nunes, Daltro J.
    [J]. 2013 27TH BRAZILIAN SYMPOSIUM ON SOFTWARE ENGINEERING (SBES 2013), 2013, : 157 - 166
  • [8] Software vulnerability prioritization using vulnerability description
    Ruchi Sharma
    Ritu Sibal
    Sangeeta Sabharwal
    [J]. International Journal of System Assurance Engineering and Management, 2021, 12 : 58 - 64
  • [9] Software vulnerability prioritization using vulnerability description
    Sharma, Ruchi
    Sibal, Ritu
    Sabharwal, Sangeeta
    [J]. INTERNATIONAL JOURNAL OF SYSTEM ASSURANCE ENGINEERING AND MANAGEMENT, 2021, 12 (01) : 58 - 64
  • [10] Towards Data-Driven Vulnerability Prediction for Requirements
    Imtiaz, Sayem Mohammad
    Bhowmik, Tanmay
    [J]. ESEC/FSE'18: PROCEEDINGS OF THE 2018 26TH ACM JOINT MEETING ON EUROPEAN SOFTWARE ENGINEERING CONFERENCE AND SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING, 2018, : 744 - 748