{"title":"开源漏洞库数据不一致性评估","authors":"Yuning Jiang, M. Jeusfeld, Jianguo Ding","doi":"10.1145/3465481.3470093","DOIUrl":null,"url":null,"abstract":"Modern security practices promote quantitative methods to provide prioritisation insights and support predictive analysis, which is supported by open-source cybersecurity databases such as the Common Vulnerabilities and Exposures (CVE), the National Vulnerability Database (NVD), CERT, and vendor websites. These public repositories provide a way to standardise and share up-to-date vulnerability information, with the purpose to enhance cybersecurity awareness. However, data quality issues of these vulnerability repositories may lead to incorrect prioritisation and misemployment of resources. In this paper, we aim to empirically analyse the data quality impact of vulnerability repositories for actual information technology (IT) and operating technology (OT) systems, especially on data inconsistency. Our case study shows that data inconsistency may misdirect investment of cybersecurity resources. Instead, correlated vulnerability repositories and trustworthiness data verification bring substantial benefits for vulnerability management.","PeriodicalId":417395,"journal":{"name":"Proceedings of the 16th International Conference on Availability, Reliability and Security","volume":"49 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-08-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"Evaluating the Data Inconsistency of Open-Source Vulnerability Repositories\",\"authors\":\"Yuning Jiang, M. Jeusfeld, Jianguo Ding\",\"doi\":\"10.1145/3465481.3470093\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Modern security practices promote quantitative methods to provide prioritisation insights and support predictive analysis, which is supported by open-source cybersecurity databases such as the Common Vulnerabilities and Exposures (CVE), the National Vulnerability Database (NVD), CERT, and vendor websites. These public repositories provide a way to standardise and share up-to-date vulnerability information, with the purpose to enhance cybersecurity awareness. However, data quality issues of these vulnerability repositories may lead to incorrect prioritisation and misemployment of resources. In this paper, we aim to empirically analyse the data quality impact of vulnerability repositories for actual information technology (IT) and operating technology (OT) systems, especially on data inconsistency. Our case study shows that data inconsistency may misdirect investment of cybersecurity resources. Instead, correlated vulnerability repositories and trustworthiness data verification bring substantial benefits for vulnerability management.\",\"PeriodicalId\":417395,\"journal\":{\"name\":\"Proceedings of the 16th International Conference on Availability, Reliability and Security\",\"volume\":\"49 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-08-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 16th International Conference on Availability, Reliability and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3465481.3470093\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 16th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3465481.3470093","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Evaluating the Data Inconsistency of Open-Source Vulnerability Repositories
Modern security practices promote quantitative methods to provide prioritisation insights and support predictive analysis, which is supported by open-source cybersecurity databases such as the Common Vulnerabilities and Exposures (CVE), the National Vulnerability Database (NVD), CERT, and vendor websites. These public repositories provide a way to standardise and share up-to-date vulnerability information, with the purpose to enhance cybersecurity awareness. However, data quality issues of these vulnerability repositories may lead to incorrect prioritisation and misemployment of resources. In this paper, we aim to empirically analyse the data quality impact of vulnerability repositories for actual information technology (IT) and operating technology (OT) systems, especially on data inconsistency. Our case study shows that data inconsistency may misdirect investment of cybersecurity resources. Instead, correlated vulnerability repositories and trustworthiness data verification bring substantial benefits for vulnerability management.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
