2018
DOI: 10.1007/978-3-030-01701-9_21
|View full text |Cite
|
Sign up to set email alerts
|

Understanding the Hidden Cost of Software Vulnerabilities: Measurements and Predictions

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

0
11
0

Year Published

2020
2020
2024
2024

Publication Types

Select...
3
2
2

Relationship

2
5

Authors

Journals

citations
Cited by 8 publications
(11 citation statements)
references
References 22 publications
0
11
0
Order By: Relevance
“…(1) A Common Vulnerability Exposure (CVE) ID number [8] that uniquely identifies the vulnerability. (2) The vulnerability entry's publication date. (3) The vulnerability type/category, as classified by the Common Weakness Enumeration (CWE) [29].…”
Section: Datasetmentioning
confidence: 99%
See 3 more Smart Citations
“…(1) A Common Vulnerability Exposure (CVE) ID number [8] that uniquely identifies the vulnerability. (2) The vulnerability entry's publication date. (3) The vulnerability type/category, as classified by the Common Weakness Enumeration (CWE) [29].…”
Section: Datasetmentioning
confidence: 99%
“…Both commercial security services (e.g., Hakiri [12], Snyk [18], and SourceClear [17]), and open-source security tools (e.g., Bundleraudit [11], OWASP OSSIndex [16], and Dependency-check [13]) depend on the NVD's vulnerability information to function effectively. Furthermore, researchers [2,3,27] have used the NVD as a core data source to shed light on aspects of the vulnerability discovery and remediation process. Given the importance of the NVD, it is crucial that we understand the quality of its data, lest some incorrect information leads to a critical security lapse [5].…”
Section: Introductionmentioning
confidence: 99%
See 2 more Smart Citations
“…Anwar et al [17] analyzed the effect of vulnerabilities on vendors and demonstrated the impact depends on the products' industry sector. Gamero-Garrido et al [18] characterized the effect of legal threats on vulnerability researchers and observed that 40% of the studied vendors allow academic researchers to evaluate their products, and 25% of security researchers stated they do not do so because they fear legal measures.…”
Section: Related Workmentioning
confidence: 99%