Glanz, Leonid and Schmidt, Sebastian and Wollny, Sebastian and Hermann, Ben (2015):
A Vulnerability's Lifetime: Enhancing Version Information in CVE Databases.
In: i-KNOW '15, pp. 28:1-28:4, New York, NY, USA, ACM, Proceedings of the 15th International Conference on Knowledge Technologies and Data-driven Business, New York, NY, USA, ISBN 978-1-4503-3721-2,
[Conference or Workshop Item]
Abstract
The National Vulnerability Database (NVD) is a rich source of information for system administrators, software engineers, IT security consultants, and researchers in software security. Relevant information is provided in machine readable form and hence can be used for automated software security management. However, we discovered that information on affected software versions and fix information is not always available in structured form. We therefore propose to enrich the NVD database with this information and use a rule-based approach to extract this information from the informal vulnerability description. Such information is useful in software development to exchange or avoid vulnerable components as well as in security research for directed cause analysis.
| Item Type: | Conference or Workshop Item |
|---|---|
| Erschienen: | 2015 |
| Creators: | Glanz, Leonid and Schmidt, Sebastian and Wollny, Sebastian and Hermann, Ben |
| Title: | A Vulnerability's Lifetime: Enhancing Version Information in CVE Databases |
| Language: | English |
| Abstract: | The National Vulnerability Database (NVD) is a rich source of information for system administrators, software engineers, IT security consultants, and researchers in software security. Relevant information is provided in machine readable form and hence can be used for automated software security management. However, we discovered that information on affected software versions and fix information is not always available in structured form. We therefore propose to enrich the NVD database with this information and use a rule-based approach to extract this information from the informal vulnerability description. Such information is useful in software development to exchange or avoid vulnerable components as well as in security research for directed cause analysis. |
| Series Name: | i-KNOW '15 |
| Place of Publication: | New York, NY, USA |
| Publisher: | ACM |
| ISBN: | 978-1-4503-3721-2 |
| Uncontrolled Keywords: | information extraction, knowledge discovery, vulnerabilities |
| Divisions: | 18 Department of Electrical Engineering and Information Technology 18 Department of Electrical Engineering and Information Technology > Institute of Computer Engineering 18 Department of Electrical Engineering and Information Technology > Institute of Computer Engineering > Multimedia Communications 20 Department of Computer Science 20 Department of Computer Science > Software Technology |
| Event Title: | Proceedings of the 15th International Conference on Knowledge Technologies and Data-driven Business |
| Event Location: | New York, NY, USA |
| Date Deposited: | 23 Nov 2015 15:09 |
| Official URL: | http://doi.acm.org/10.1145/2809563.2809612 |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Send an inquiry |
Options (only for editors)
 |
Show editorial Details |
Drucken
Impressum