Glanz, Leonid ; Schmidt, Sebastian ; Wollny, Sebastian ; Hermann, Ben (2015)
A Vulnerability's Lifetime: Enhancing Version Information in CVE Databases.
Proceedings of the 15th International Conference on Knowledge Technologies and Data-driven Business. New York, NY, USA
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
The National Vulnerability Database (NVD) is a rich source of information for system administrators, software engineers, IT security consultants, and researchers in software security. Relevant information is provided in machine readable form and hence can be used for automated software security management. However, we discovered that information on affected software versions and fix information is not always available in structured form. We therefore propose to enrich the NVD database with this information and use a rule-based approach to extract this information from the informal vulnerability description. Such information is useful in software development to exchange or avoid vulnerable components as well as in security research for directed cause analysis.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2015 |
| Autor(en): | Glanz, Leonid ; Schmidt, Sebastian ; Wollny, Sebastian ; Hermann, Ben |
| Art des Eintrags: | Bibliographie |
| Titel: | A Vulnerability's Lifetime: Enhancing Version Information in CVE Databases |
| Sprache: | Englisch |
| Publikationsjahr: | 2015 |
| Ort: | New York, NY, USA |
| Verlag: | ACM |
| Reihe: | i-KNOW '15 |
| Veranstaltungstitel: | Proceedings of the 15th International Conference on Knowledge Technologies and Data-driven Business |
| Veranstaltungsort: | New York, NY, USA |
| URL / URN: | http://doi.acm.org/10.1145/2809563.2809612 |
| Kurzbeschreibung (Abstract): | The National Vulnerability Database (NVD) is a rich source of information for system administrators, software engineers, IT security consultants, and researchers in software security. Relevant information is provided in machine readable form and hence can be used for automated software security management. However, we discovered that information on affected software versions and fix information is not always available in structured form. We therefore propose to enrich the NVD database with this information and use a rule-based approach to extract this information from the informal vulnerability description. Such information is useful in software development to exchange or avoid vulnerable components as well as in security research for directed cause analysis. |
| Freie Schlagworte: | information extraction, knowledge discovery, vulnerabilities |
| Fachbereich(e)/-gebiet(e): | 18 Fachbereich Elektrotechnik und Informationstechnik 18 Fachbereich Elektrotechnik und Informationstechnik > Institut für Datentechnik 18 Fachbereich Elektrotechnik und Informationstechnik > Institut für Datentechnik > Multimedia Kommunikation 20 Fachbereich Informatik 20 Fachbereich Informatik > Softwaretechnik |
| Hinterlegungsdatum: | 23 Nov 2015 15:09 |
| Letzte Änderung: | 07 Okt 2018 21:52 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum