Trust and Risk Assessment Model of Popular Software Based on Known Vulnerabilities

Janiszewski, Marek; Felkner, Anna; Olszak, J.

doi:10.1515/eletel-2017-0044

Cited by 4 publications

(6 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another not obvious application is the analysis and monitoring of the quality (in the context of cybersecurity) of vendors or their products, which may allow predicting the existence of new unknown vulnerabilities. Such a concept, although not dedicated to the IoT world, can be found in the article [ 6 ]. From the perspective of IoT devices, such prospects can be even more important and more promising.…”

Section: General Aim and Approachmentioning

confidence: 99%

Automatic Actionable Information Processing and Trust Management towards Safer Internet of Things

Janiszewski

Felkner

Lewandowski

et al. 2021

Sensors

Self Cite

View full text Add to dashboard Cite

The security of the Internet of Things (IoT) is a very important aspect of everyday life for people and industries, as well as hospitals, military, households and cities. Unfortunately, this topic is still too little researched and developed, which results in exposing users of Internet of Things to possible threats. One of the areas which should be addressed is the creation of a database of information about vulnerabilities and exploits in the Internet of Things; therefore, the goal of our activities under the VARIoT (Vulnerability and Attack Repository for IoT) project is to develop such a database and make it publicly available. The article presents the results of our research aimed at building this database, i.e., how the information about vulnerabilities is obtained, standardized, aggregated and correlated as well as the way of enhancing and selecting IoT related data. We have obtained and proved that existing databases provide various scopes of information and because of that a single and most comprehensive source of information does not exist. In addition, various sources present information about a vulnerability at different times—some of them are faster than others, and the differences in publication dates are significant. The results of our research show that aggregation of information from various sources can be very beneficial and has potential to enhance actionable value of information. We have also shown that introducing more sophisticated concepts, such as trust management and metainformation extraction based on artificial intelligence, could ensure a higher level of completeness of information as well as evaluate the usefulness and reliability of data.

show abstract

Section: General Aim and Approachmentioning

confidence: 99%

Automatic Actionable Information Processing and Trust Management towards Safer Internet of Things

Janiszewski

Felkner

Lewandowski

et al. 2021

Sensors

Self Cite

View full text Add to dashboard Cite

show abstract

“…When the cracker finds a new vulnerability (so called "0-day"), they try to exploit it to generate benefits, instead of informing the vendor. Therefore, unknown vulnerabilities are associated with an enormous potential to compromise system security [1]. The vulnerability management system should support the system administrator in two areas.…”

Section: Vulnerabilitiesmentioning

confidence: 99%

“…Secondly, the vulnerability management system should assess the technical risks associated with the software used. This risk stems from the existing security vulnerabilities [1]. Technical vulnerability databases are very important, but they contain information about well-known vulnerabilities only (mainly those for which patches have been released).…”

Section: Vulnerabilitiesmentioning

confidence: 99%

“…The CVSS score may vary from 0.0 to 10.0, where values from 0.0 to 3.9 indicate a "low" level of severity, and values from 7.0 to 10.0 mean "high" or "critical" severity. The CVSS result is widely used as an indicator of the severity of vulnerabilities, but not all sources of information list it [1]. Risk calculation will be performed by each client based on the vulnerability database shared by the operational center.…”

Section: Vulnerabilitiesmentioning

confidence: 99%

“…In addition, new vulnerabilities are still being discovered (with new incidents and IoCs being reported as well). Therefore, risk estimation should be carried out in real-time [1]. The statements given above are true even for individual institutions, but at a higher level (for example -within a given economic sector) the task of risk assessment is significantly more complicated.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Novel Approach to National-level Cyber Risk Assessment Based on Vulnerability Management and Threat Intelligence

Janiszewski¹,

Felkner²,

Lewandowski³

2019

JTIT

Self Cite

View full text Add to dashboard Cite

Real-time assessment of IT-related risks, performed at the national level, is very important due to the evolving nature of threats that may originate from individual hackers, organized cyber-criminal groups, as well as state activities. Evaluation of risk that is based on technical information, as well as on mutual relationships between various institutions and services, may result in very valuable situational awareness. The paper describes (in general) cyber risk analysis method which will be implemented in Polish National Cybersecurity Platform.

show abstract

Vulnerabilities and Digital Violations in Software Products: Logistic Regression Analysis

Anjum

Mohd

2020

2020 International Conference on Cyber Warfare and Security (ICCWS)

View full text Add to dashboard Cite

Trust and Risk Assessment Model of Popular Software Based on Known Vulnerabilities

Cited by 4 publications

References 5 publications

Automatic Actionable Information Processing and Trust Management towards Safer Internet of Things

Automatic Actionable Information Processing and Trust Management towards Safer Internet of Things

A Novel Approach to National-level Cyber Risk Assessment Based on Vulnerability Management and Threat Intelligence

Vulnerabilities and Digital Violations in Software Products: Logistic Regression Analysis

Contact Info

Product

Resources

About