A Survey on Data-driven Software Vulnerability Assessment and Prioritization

Cited by: 22
Authors
Le, Triet H. M. [1]
Chen, Huaming [1]
Babar, M. Ali [1, 2]
Affiliations
[1] Univ Adelaide, CREST Ctr Res Engn Software Technol, Adelaide, SA, Australia
[2] Cyber Secur Cooperat Res Ctr, Joondalup, Australia
Keywords
Software vulnerability; Vulnerability assessment and prioritization; NEURAL-NETWORKS; SEVERITY; CLASSIFICATION; FRAMEWORK; PATTERNS; TIME;
DOI
10.1145/3529757
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202;
Abstract
Software Vulnerabilities (SVs) are increasing in complexity and scale, posing great security risks to many software systems. Given the limited resources in practice, SV assessment and prioritization help practitioners devise optimal SV mitigation plans based on various SV characteristics. The surges in SV data sources and data-driven techniques such as Machine Learning and Deep Learning have taken SV assessment and prioritization to the next level. Our survey provides a taxonomy of the past research efforts and highlights the best practices for data-driven SV assessment and prioritization. We also discuss the current limitations and propose potential solutions to address such issues.
Pages: 39
Related papers
50 in total
  • [1] A Survey on Software Vulnerability Exploitability Assessment
    Elder, Sarah
    Rahman, Md Rayhanur
    Fringer, Gage
    Kapoor, Kunal
    Williams, Laurie
    ACM COMPUTING SURVEYS, 2024, 56 (08)
  • [2] Data-driven Communicative Behaviour Generation: A Survey
    Oralbayeva, Nurziya
    Aly, Amir
    Sandygulova, Anara
    Belpaeme, Tony
    ACM TRANSACTIONS ON HUMAN-ROBOT INTERACTION, 2024, 13 (01)
  • [3] Software vulnerability prioritization using vulnerability description
    Ruchi Sharma
    Ritu Sibal
    Sangeeta Sabharwal
    International Journal of System Assurance Engineering and Management, 2021, 12 : 58 - 64
  • [4] Software vulnerability prioritization using vulnerability description
    Sharma, Ruchi
    Sibal, Ritu
    Sabharwal, Sangeeta
    INTERNATIONAL JOURNAL OF SYSTEM ASSURANCE ENGINEERING AND MANAGEMENT, 2021, 12 (01) : 58 - 64
  • [5] A data-driven analysis of global research trends in medical image: A survey
    Fan, Chao
    Hu, Kai
    Yuan, Yuyi
    Li, Yu
    NEUROCOMPUTING, 2023, 518 : 308 - 320
  • [6] Towards Data-Driven Vulnerability Prediction for Requirements
    Imtiaz, Sayem Mohammad
    Bhowmik, Tanmay
    ESEC/FSE'18: PROCEEDINGS OF THE 2018 26TH ACM JOINT MEETING ON EUROPEAN SOFTWARE ENGINEERING CONFERENCE AND SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING, 2018, : 744 - 748
  • [7] Prioritization of reproductive toxicants in unconventional oil and gas operations using a multi-country regulatory data-driven hazard assessment
    Inayat-Hussain, Salmaan H.
    Fukumura, Masao
    Aziz, A. Muiz
    Jin, Chai Meng
    Jin, Low Wei
    Garcia-Milian, Rolando
    Vasiliou, Vasilis
    Deziel, Nicole C.
    ENVIRONMENT INTERNATIONAL, 2018, 117 : 348 - 358
  • [8] A Survey on Data-driven Network Intrusion Detection
    Chou, Dylan
    Jiang, Meng
    ACM COMPUTING SURVEYS, 2022, 54 (09)
  • [9] Data-driven Crowd Modeling Techniques: A Survey
    Zhong, Jinghui
    Li, Dongrui
    Huang, Zhixing
    Lu, Chengyu
    Cai, Wentong
    ACM TRANSACTIONS ON MODELING AND COMPUTER SIMULATION, 2022, 32 (01)
  • [10] A novel approach to evaluate software vulnerability prioritization
    Huang, Chien-Cheng
    Lin, Feng-Yu
    Lin, Frank Yeong-Sung
    Sun, Yeali S.
    JOURNAL OF SYSTEMS AND SOFTWARE, 2013, 86 (11) : 2822 - 2840