The anatomy of a vulnerability database : a systematic mapping study
Li, Xiaozhou; Moreschini, Sergio; Zhang, Zheying; Palomba, Fabio; Taibi, Davide (2023-03-22)
Li, X., Moreschini, S., Zhang, Z., Palomba, F., & Taibi, D. (2023). The anatomy of a vulnerability database: A systematic mapping study. In Journal of Systems and Software (Vol. 201, p. 111679). Elsevier BV. https://doi.org/10.1016/j.jss.2023.111679
© 2023 The Author(s). Published by Elsevier Inc. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/).
https://creativecommons.org/licenses/by/4.0/
https://urn.fi/URN:NBN:fi-fe20230901115692
Tiivistelmä
Abstract
Software vulnerabilities play a major role, as there are multiple risks associated, including loss and manipulation of private data. The software engineering research community has been contributing to the body of knowledge by proposing several empirical studies on vulnerabilities and automated techniques to detect and remove them from source code. The reliability and generalizability of the findings heavily depend on the quality of the information mineable from publicly available datasets of vulnerabilities as well as on the availability and suitability of those databases. In this paper, we seek to understand the anatomy of the currently available vulnerability databases through a systematic mapping study where we analyze (1) what are the popular vulnerability databases adopted; (2) what are the goals for adoption; (3) what are the other sources of information adopted; (4) what are the methods and techniques; (5) which tools are proposed. An improved understanding of these aspects might not only allow researchers to take informed decisions on the databases to consider when doing research but also practitioners to establish reliable sources of information to inform their security policies and standards.
Kokoelmat
- Avoin saatavuus [34589]