A Survey on Software Vulnerability Exploitability Assessment

Cited by: 4
Authors
Elder, Sarah [1]
Rahman, Md Rayhanur [1]
Fringer, Gage [1]
Kapoor, Kunal [1]
Williams, Laurie [1]
Affiliations
[1] North Carolina State Univ, Dept Comp Sci, Coll Engn, Campus Box 8206,890 Oval Dr,Engn Bldg 2, Raleigh, NC 27695 USA
Funding
U.S. National Science Foundation;
Keywords
Exploitability; software vulnerability; COMMON VULNERABILITY; SYSTEMS; RISK;
DOI
10.1145/3648610
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202 ;
Abstract
Knowing the exploitability and severity of software vulnerabilities helps practitioners prioritize vulnerability mitigation efforts. Researchers have proposed and evaluated many different exploitability assessment methods. The goal of this research is to assist practitioners and researchers in understanding existing methods for assessing vulnerability exploitability through a survey of exploitability assessment literature. We identify three exploitability assessment approaches: assessments based on original, manual Common Vulnerability Scoring System, automated Deterministic assessments, and automated Probabilistic assessments. Other than the original Common Vulnerability Scoring System, the two most common sub-categories are Deterministic, Program State based, and Probabilistic learning model assessments.
Pages: 41