A Survey on Software Vulnerability Exploitability Assessment

Cited by: 2
Authors
Elder, Sarah [1 ]
Rahman, Md Rayhanur [1 ]
Fringer, Gage [1 ]
Kapoor, Kunal [1 ]
Williams, Laurie [1 ]
Affiliations
[1] North Carolina State Univ, Dept Comp Sci, Coll Engn, Campus Box 8206,890 Oval Dr,Engn Bldg 2, Raleigh, NC 27695 USA
Funding
National Science Foundation (USA);
Keywords
Exploitability; software vulnerability; COMMON VULNERABILITY; SYSTEMS; RISK;
DOI
10.1145/3648610
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202 ;
Abstract
Knowing the exploitability and severity of software vulnerabilities helps practitioners prioritize vulnerability mitigation efforts. Researchers have proposed and evaluated many different exploitability assessment methods. The goal of this research is to assist practitioners and researchers in understanding existing methods for assessing vulnerability exploitability through a survey of exploitability assessment literature. We identify three exploitability assessment approaches: assessments based on original, manual Common Vulnerability Scoring System, automated Deterministic assessments, and automated Probabilistic assessments. Other than the original Common Vulnerability Scoring System, the two most common sub-categories are Deterministic, Program State based, and Probabilistic learning model assessments.
Pages: 41
Related papers
50 in total
  • [1] Assessing vulnerability exploitability risk using software properties
    Awad Younis
    Yashwant K. Malaiya
    Indrajit Ray
    Software Quality Journal, 2016, 24 : 159 - 202
  • [2] Assessing vulnerability exploitability risk using software properties
    Younis, Awad
    Malaiya, Yashwant K.
    Ray, Indrajit
    SOFTWARE QUALITY JOURNAL, 2016, 24 (01) : 159 - 202
  • [3] A Survey on Data-driven Software Vulnerability Assessment and Prioritization
    Le, Triet H. M.
    Chen, Huaming
    Babar, M. Ali
    ACM COMPUTING SURVEYS, 2023, 55 (05)
  • [4] Using Attack Surface Entry Points and Reachability Analysis to Assess the Risk of Software Vulnerability Exploitability
    Younis, Awad A.
    Malaiya, Yashwant K.
    Ray, Indrajit
    2014 IEEE 15TH INTERNATIONAL SYMPOSIUM ON HIGH-ASSURANCE SYSTEMS ENGINEERING (HASE), 2014, : 1 - 8
  • [5] Predicting the Severity and Exploitability of Vulnerability Reports using Convolutional Neural Nets
    Okutan, Ahmet
    Mirakhorli, Mehdi
    3RD INTERNATIONAL WORKSHOP ON ENGINEERING AND CYBERSECURITY OF CRITICAL SYSTEMS (ENCYCRIS 2022), 2022, : 1 - 8
  • [6] Survey of software vulnerability detection techniques
    School of Computer Science and Engineering, Beihang University, Beijing
    100191, China
    Unknown
    410073, China
    Jisuanji Xuebao, 4 (717-732): : 717 - 732
  • [7] Vulnerability Assessment Framework Based on In-The-Wild Exploitability for Prioritizing Patch Application in Control System
    Yoon, Seong-Su
    Kim, Do-Yeon
    Kim, Ga-Gyeong
    Euom, Ieck-Chae
    INFORMATION SECURITY APPLICATIONS, WISA 2023, 2024, 14402 : 119 - 130
  • [8] Vulnerability Assessment in Autonomic Networks and Services: A Survey
    Barrere, Martin
    Badonnel, Remi
    Festor, Olivier
    IEEE COMMUNICATIONS SURVEYS AND TUTORIALS, 2014, 16 (02): : 988 - 1004
  • [9] Software Vulnerability Assessment: Vendor, Scanner, and User Analysis
    Boonchuay, Kietthibhum
    Siripaktanakon, Wachirawich
    Sangpetch, Orathai
    Sangpetch, Akkarit
    2022 IEEE INTERNATIONAL CONFERENCE ON CLOUD COMPUTING TECHNOLOGY AND SCIENCE (CLOUDCOM 2022), 2022, : 214 - 221
  • [10] Software Vulnerability Detection Using Deep Neural Networks: A Survey
    Lin, Guanjun
    Wen, Sheng
    Han, Qing-Long
    Zhang, Jun
    Xiang, Yang
    PROCEEDINGS OF THE IEEE, 2020, 108 (10) : 1825 - 1848