TU Darmstadt / ULB / TUbiblio

A Vulnerability's Lifetime: Enhancing Version Information in CVE Databases

Glanz, Leonid ; Schmidt, Sebastian ; Wollny, Sebastian ; Hermann, Ben :
A Vulnerability's Lifetime: Enhancing Version Information in CVE Databases.
[Online-Edition: http://doi.acm.org/10.1145/2809563.2809612]
In: Proceedings of the 15th International Conference on Knowledge Technologies and Data-driven Business, New York, NY, USA. In: i-KNOW '15 . ACM , New York, NY, USA
[Konferenz- oder Workshop-Beitrag], (2015)

Offizielle URL: http://doi.acm.org/10.1145/2809563.2809612

Kurzbeschreibung (Abstract)

The National Vulnerability Database (NVD) is a rich source of information for system administrators, software engineers, IT security consultants, and researchers in software security. Relevant information is provided in machine readable form and hence can be used for automated software security management. However, we discovered that information on affected software versions and fix information is not always available in structured form. We therefore propose to enrich the NVD database with this information and use a rule-based approach to extract this information from the informal vulnerability description. Such information is useful in software development to exchange or avoid vulnerable components as well as in security research for directed cause analysis.

Typ des Eintrags: Konferenz- oder Workshop-Beitrag (Keine Angabe)
Erschienen: 2015
Autor(en): Glanz, Leonid ; Schmidt, Sebastian ; Wollny, Sebastian ; Hermann, Ben
Titel: A Vulnerability's Lifetime: Enhancing Version Information in CVE Databases
Sprache: Englisch
Kurzbeschreibung (Abstract):

The National Vulnerability Database (NVD) is a rich source of information for system administrators, software engineers, IT security consultants, and researchers in software security. Relevant information is provided in machine readable form and hence can be used for automated software security management. However, we discovered that information on affected software versions and fix information is not always available in structured form. We therefore propose to enrich the NVD database with this information and use a rule-based approach to extract this information from the informal vulnerability description. Such information is useful in software development to exchange or avoid vulnerable components as well as in security research for directed cause analysis.

Reihe: i-KNOW '15
Ort: New York, NY, USA
Verlag: ACM
Freie Schlagworte: information extraction, knowledge discovery, vulnerabilities
Fachbereich(e)/-gebiet(e): 18 Fachbereich Elektrotechnik und Informationstechnik
18 Fachbereich Elektrotechnik und Informationstechnik > Institut für Datentechnik > Multimedia Kommunikation
20 Fachbereich Informatik
20 Fachbereich Informatik > Softwaretechnik
18 Fachbereich Elektrotechnik und Informationstechnik > Institut für Datentechnik
Veranstaltungstitel: Proceedings of the 15th International Conference on Knowledge Technologies and Data-driven Business
Veranstaltungsort: New York, NY, USA
Hinterlegungsdatum: 23 Nov 2015 15:09
Offizielle URL: http://doi.acm.org/10.1145/2809563.2809612
Export:

Optionen (nur für Redakteure)

Eintrag anzeigen Eintrag anzeigen