An Early Alert System for Software Vulnerabilities based on Vulnerability Repositories and Social Networks

Abstract

The huge amount of information regarding software vulnerabilities, the multiple and heterogeneous information sources, and the lack of awareness about the dangers of software vulnerabilities, exacerbates the risks of security threats being materialized. In this complex context, this paper approaches the problem of managing early alerts for software vulnerablities by leveraging existing vulnerability information found in vulnerability repositories and social networks. To this end, we propose a solution based on techniques that stem from automated retrieval of information about vulneratilities from the above sources, userdefined preferences regarding their technological environment and intelligent vulnerability tagging. Our user studies reveal the feasibility of our approach as a tool for managing early alerts regarding software vulnerabilities and keeping security professionals aware of them.