A Survey on Data-driven Software Vulnerability Assessment and Prioritization

Cited by: 14
Authors
Le, Triet H. M. [1]
Chen, Huaming [1]
Babar, M. Ali [1, 2]
Affiliations
[1] Univ Adelaide, CREST Ctr Res Engn Software Technol, Adelaide, SA, Australia
[2] Cyber Secur Cooperat Res Ctr, Joondalup, Australia
Keywords
Software vulnerability; Vulnerability assessment and prioritization; NEURAL-NETWORKS; SEVERITY; CLASSIFICATION; FRAMEWORK; PATTERNS; TIME;
DOI
10.1145/3529757
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202;
Abstract
Software Vulnerabilities (SVs) are increasing in complexity and scale, posing great security risks to many software systems. Given the limited resources in practice, SV assessment and prioritization help practitioners devise optimal SV mitigation plans based on various SV characteristics. The surges in SV data sources and data-driven techniques such as Machine Learning and Deep Learning have taken SV assessment and prioritization to the next level. Our survey provides a taxonomy of the past research efforts and highlights the best practices for data-driven SV assessment and prioritization. We also discuss the current limitations and propose potential solutions to address such issues.
Pages: 39