2017 13th European Dependable Computing Conference (EDCC) 2017
DOI: 10.1109/edcc.2017.30
|View full text |Cite
|
Sign up to set email alerts
|

vepRisk - A Web Based Analysis Tool for Public Security Data

Abstract: Abstract-We present vepRisk (Vulnerabilities, Exploits and Patches Risk analysis tool): a web-based tool for analyzing publically available security data. The tool has a backend modules that mine, extract, parse and store data from public repositories of vulnerabilities, exploits and patches; and a frontend web-based application that provides functionality for analyzing the data. The frontend uses shinyR, hence allowing integration with the R statistical analysis package and seamless use of R functions. We als… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
4
0

Year Published

2018
2018
2021
2021

Publication Types

Select...
2
1

Relationship

3
0

Authors

Journals

citations
Cited by 3 publications
(4 citation statements)
references
References 8 publications
0
4
0
Order By: Relevance
“…The objective of this study is to compare some aspects of the information present on vulnerability databases with another OSINT source, namely Twitter. Instead of searching, collecting, and parsing a set of databases, we use the vepRisk database [26]. It contains several types of security-related public data, including all entries published on the NVD, Security Database, Security Focus, and PacketStorm databases, from their creation until the end of 2018.…”
Section: Methodsmentioning
confidence: 99%
See 1 more Smart Citation
“…The objective of this study is to compare some aspects of the information present on vulnerability databases with another OSINT source, namely Twitter. Instead of searching, collecting, and parsing a set of databases, we use the vepRisk database [26]. It contains several types of security-related public data, including all entries published on the NVD, Security Database, Security Focus, and PacketStorm databases, from their creation until the end of 2018.…”
Section: Methodsmentioning
confidence: 99%
“…In this paper, we present an extensive study on OSINT sources, comparing their timeliness and richness. We analysed the vulnerability OSINT sources indexed on vepRisk [26], which aggregates several vulnerability databases, advisory sites, and their relationships. We compared Twitter against these data sources to understand if there are any advantages in using it as a cybersecurity data source.…”
Section: Introductionmentioning
confidence: 99%
“…To obtain exploited vulnerability data, we used Exploit Database (EDB) 2 . The EDB is a CVE compliant archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers [44].…”
Section: Dataset Usedmentioning
confidence: 99%
“…1 We then updated the reporting date on our database to the earliest date that a given vulnerability was known in any of these databases. Details of the tool (vepRisk) we developed to gather the data is given in [23]. For the rest of the paper, we will focus on four OSs (Windows, Mac, IOS, and Linux) and four web browsers (Internet Explorer, Safari, Firefox, and Chrome).…”
Section: Dataset and Data Processingmentioning
confidence: 99%