A Vulnerability's Lifetime: Enhancing Version Information in CVE Databases

Glanz, Leonid ; Schmidt, Sebastian ; Wollny, Sebastian ; Hermann, Ben (2015)
A Vulnerability's Lifetime: Enhancing Version Information in CVE Databases.
Proceedings of the 15th International Conference on Knowledge Technologies and Data-driven Business. New York, NY, USA
Conference or Workshop Item, Bibliography

Abstract

The National Vulnerability Database (NVD) is a rich source of information for system administrators, software engineers, IT security consultants, and researchers in software security. Relevant information is provided in machine readable form and hence can be used for automated software security management. However, we discovered that information on affected software versions and fix information is not always available in structured form. We therefore propose to enrich the NVD database with this information and use a rule-based approach to extract this information from the informal vulnerability description. Such information is useful in software development to exchange or avoid vulnerable components as well as in security research for directed cause analysis.

Item Type: Conference or Workshop Item
Published: 2015
Creators: Glanz, Leonid ; Schmidt, Sebastian ; Wollny, Sebastian ; Hermann, Ben
Type of entry: Bibliography
Title: A Vulnerability's Lifetime: Enhancing Version Information in CVE Databases
Language: English
Date: 2015
Place of Publication: New York, NY, USA
Publisher: ACM
Series: i-KNOW '15
Event Title: Proceedings of the 15th International Conference on Knowledge Technologies and Data-driven Business
Event Location: New York, NY, USA
URL / URN: http://doi.acm.org/10.1145/2809563.2809612
Uncontrolled Keywords: information extraction, knowledge discovery, vulnerabilities
Divisions: 18 Department of Electrical Engineering and Information Technology
18 Department of Electrical Engineering and Information Technology > Institute of Computer Engineering
18 Department of Electrical Engineering and Information Technology > Institute of Computer Engineering > Multimedia Communications
20 Department of Computer Science
20 Department of Computer Science > Software Technology
Date Deposited: 23 Nov 2015 15:09
Last Modified: 07 Oct 2018 21:52