A Survey on Software Vulnerability Exploitability Assessment

Cited by: 2
Authors
Elder, Sarah [1 ]
Rahman, Md Rayhanur [1 ]
Fringer, Gage [1 ]
Kapoor, Kunal [1 ]
Williams, Laurie [1 ]
Affiliation
[1] North Carolina State Univ, Dept Comp Sci, Coll Engn, Campus Box 8206,890 Oval Dr,Engn Bldg 2, Raleigh, NC 27695 USA
Funding
National Science Foundation (USA);
Keywords
Exploitability; software vulnerability; COMMON VULNERABILITY; SYSTEMS; RISK;
DOI
10.1145/3648610
CLC (Chinese Library Classification) number
TP301 [Theory, methods];
Discipline classification code
081202;
Abstract
Knowing the exploitability and severity of software vulnerabilities helps practitioners prioritize vulnerability mitigation efforts. Researchers have proposed and evaluated many different exploitability assessment methods. The goal of this research is to assist practitioners and researchers in understanding existing methods for assessing vulnerability exploitability through a survey of the exploitability assessment literature. We identify three exploitability assessment approaches: assessments based on the original, manual Common Vulnerability Scoring System (CVSS), automated Deterministic assessments, and automated Probabilistic assessments. Other than the original CVSS, the two most common sub-categories are Deterministic Program-State-based assessments and Probabilistic learning-model assessments.
Pages: 41