A Vulnerability's Lifetime: Enhancing Version Information in CVE Databases

Glanz, Leonid ; Schmidt, Sebastian ; Wollny, Sebastian ; Hermann, Ben (2015)
A Vulnerability's Lifetime: Enhancing Version Information in CVE Databases.
Proceedings of the 15th International Conference on Knowledge Technologies and Data-driven Business. New York, NY, USA
Conference publication, Bibliography

Abstract

The National Vulnerability Database (NVD) is a rich source of information for system administrators, software engineers, IT security consultants, and researchers in software security. Relevant information is provided in machine readable form and hence can be used for automated software security management. However, we discovered that information on affected software versions and fix information is not always available in structured form. We therefore propose to enrich the NVD database with this information and use a rule-based approach to extract this information from the informal vulnerability description. Such information is useful in software development to exchange or avoid vulnerable components as well as in security research for directed cause analysis.

Item type: Conference publication
Published: 2015
Author(s): Glanz, Leonid ; Schmidt, Sebastian ; Wollny, Sebastian ; Hermann, Ben
Type of entry: Bibliography
Title: A Vulnerability's Lifetime: Enhancing Version Information in CVE Databases
Language: English
Year of publication: 2015
Place: New York, NY, USA
Publisher: ACM
Series: i-KNOW '15
Event title: Proceedings of the 15th International Conference on Knowledge Technologies and Data-driven Business
Event location: New York, NY, USA
URL / URN: http://doi.acm.org/10.1145/2809563.2809612
Uncontrolled keywords: information extraction, knowledge discovery, vulnerabilities
Department(s)/field(s): 18 Department of Electrical Engineering and Information Technology
18 Department of Electrical Engineering and Information Technology > Institute of Computer Engineering
18 Department of Electrical Engineering and Information Technology > Institute of Computer Engineering > Multimedia Communications
20 Department of Computer Science
20 Department of Computer Science > Software Technology
Date deposited: 23 Nov 2015 15:09
Last modified: 07 Oct 2018 21:52