A Survey on Software Vulnerability Exploitability Assessment

Cited by: 2
Authors
Elder, Sarah [1]
Rahman, Md Rayhanur [1]
Fringer, Gage [1]
Kapoor, Kunal [1]
Williams, Laurie [1]
Affiliations
[1] North Carolina State Univ, Dept Comp Sci, Coll Engn, Campus Box 8206,890 Oval Dr,Engn Bldg 2, Raleigh, NC 27695 USA
Funding
U.S. National Science Foundation;
Keywords
Exploitability; software vulnerability; COMMON VULNERABILITY; SYSTEMS; RISK;
DOI
10.1145/3648610
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202;
Abstract
Knowing the exploitability and severity of software vulnerabilities helps practitioners prioritize vulnerability mitigation efforts. Researchers have proposed and evaluated many different exploitability assessment methods. The goal of this research is to assist practitioners and researchers in understanding existing methods for assessing vulnerability exploitability through a survey of exploitability assessment literature. We identify three exploitability assessment approaches: assessments based on original, manual Common Vulnerability Scoring System, automated Deterministic assessments, and automated Probabilistic assessments. Other than the original Common Vulnerability Scoring System, the two most common sub-categories are Deterministic, Program State based, and Probabilistic learning model assessments.
Pages: 41