Cleaning the NVD: Comprehensive Quality Assessment, Improvements, and Analyses

Anwar, Afsah; Abusnaina, Ahmed; Chen, Songqing; Li, Frank; Mohaisen, Aziz

doi:10.48550/arxiv.2006.15074

Cited by 4 publications

(8 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Note that this database has been discontinued since 2016. 6 https://twitter.com 7 https://avast.com/exploit-protection.php. This link was provided by de Sousa et al [41], but it is no longer available.…”

Section: Exploit Likelihoodmentioning

confidence: 99%

“…For CVSS version 3 [57,58], Chen et al [29,30] and Anwar et al [6] also reported the strong performance of DL-based models (e.g., CNN and graph convolutional neural network [95]). Some other studies did not directly predict severity score from SV descriptions, instead they aggregated the predicted values of the CVSS Exploitability (see section 3) and Impact metrics (see section 4) using the formulas of CVSS version 2 [50,86,171,193], version 3 [50,86,139] and WIVSS [171].…”

Section: Severity Scorementioning

confidence: 99%

“…Thirdly, external sources on NVD/CVE have enabled many studies to obtain richer SV information (e.g., exploitation availability/time [30] or vulnerable code/crashes [181,201]) and extract relationships among multiple SV sources to develop a knowledge graph of SVs (e.g., [72,199]). Despite all the aforementioned advantages, NVD/CVE still suffer from information inconsistencies [6,45] and a poor coverage of relevant external sources (e.g., SV fixing code) [76].…”

Section: Data Sourcesmentioning

confidence: 99%

See 2 more Smart Citations

A Survey on Data-driven Software Vulnerability Assessment and Prioritization

Le¹,

Chen²,

Babar³

2021

Preprint

View full text Add to dashboard Cite

Software Vulnerabilities (SVs) are increasing in complexity and scale, posing great security risks to many software systems. Given the limited resources in practice, SV assessment and prioritization help practitioners devise optimal SV mitigation plans based on various SV characteristics. The surge in SV data sources and datadriven techniques such as Machine Learning and Deep Learning have taken SV assessment and prioritization to the next level. Our survey provides a taxonomy of the past research efforts and highlights the best practices for data-driven SV assessment and prioritization. We also discuss the current limitations and propose potential solutions to address such issues. CCS Concepts: • General and reference → Surveys and overviews; • Security and privacy → Software security engineering; • Computing methodologies → Machine learning; Neural networks;

show abstract

Section: Exploit Likelihoodmentioning

confidence: 99%

Section: Severity Scorementioning

confidence: 99%

Section: Data Sourcesmentioning

confidence: 99%

See 1 more Smart Citation

A Survey on Data-driven Software Vulnerability Assessment and Prioritization

Le¹,

Chen²,

Babar³

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Jimenez et al [P12] found that only 75% of vulnerability reports had an associated fix. Vulnerability reports are often incomplete and missing references [9].…”

Section: Label Noisementioning

confidence: 99%

“…Unfortunately, SV data preparation is not a trivial task [7]. High-quality SV data is notoriously difficult to obtain due to its natural infrequency [8], inconsistent reporting [9], and the unwillingness of organisations to make their sensitive data public [10]. It is widely recognized that data noise can severely impact the quality of an SVP model and eventually negatively impact the validity of the research outcomes [11], [12].…”

Section: Introductionmentioning

confidence: 99%

Data Preparation for Software Vulnerability Prediction: A Systematic Literature Review

Croft¹,

Xie²,

Babar³

2021

Preprint

View full text Add to dashboard Cite

Software Vulnerability Prediction (SVP) is a data-driven technique for software quality assurance that has recently gained considerable attention in the Software Engineering research community. However, the difficulties of preparing Software Vulnerability (SV) related data remains as the main barrier to industrial adoption. Despite this problem, there have been no systematic efforts to analyse the existing SV data preparation techniques and challenges. Without such insights, we are unable to overcome the challenges and advance this research domain. Hence, we are motivated to conduct a Systematic Literature Review (SLR) of SVP research to synthesize and gain an understanding of the data considerations, challenges and solutions that SVP researchers provide. From our set of primary studies, we identify the main practices for each data preparation step. We then present a taxonomy of 16 key data challenges relating to six themes, which we further map to six categories of solutions. However, solutions are far from complete, and there are several ill-considered issues. We also provide recommendations for future areas of SV data research. Our findings help illuminate the key SV data practices and considerations for SVP researchers and practitioners, as well as inform the validity of the current SVP approaches.

show abstract

Towards automatic discovery and assessment of vulnerability severity in cyber–physical systems

Jiang

Atif

2022

Array

View full text Add to dashboard Cite

Cleaning the NVD: Comprehensive Quality Assessment, Improvements, and Analyses

Cited by 4 publications

References 15 publications

A Survey on Data-driven Software Vulnerability Assessment and Prioritization

A Survey on Data-driven Software Vulnerability Assessment and Prioritization

Data Preparation for Software Vulnerability Prediction: A Systematic Literature Review

Towards automatic discovery and assessment of vulnerability severity in cyber–physical systems

Contact Info

Product

Resources

About