University of Oulu

Li, X., Moreschini, S., Zhang, Z., Palomba, F., & Taibi, D. (2023). The anatomy of a vulnerability database: A systematic mapping study. In Journal of Systems and Software (Vol. 201, p. 111679). Elsevier BV.

The anatomy of a vulnerability database: a systematic mapping study

Author: Li, Xiaozhou (1, 2); Moreschini, Sergio (1); Zhang, Zheying (1);
Organizations: (1) Tampere University, Tampere, Finland
(2) University of Oulu, Oulu, Finland
(3) SeSa Lab, University of Salerno, Fisciano, Italy
Format: article
Version: published version
Access: open
Language: English
Published: Elsevier, 2023
Publish Date: 2023-09-01


Software vulnerabilities play a major role in software security, as they carry multiple risks, including the loss and manipulation of private data. The software engineering research community has contributed to the body of knowledge by proposing several empirical studies on vulnerabilities and automated techniques to detect and remove them from source code. The reliability and generalizability of these findings depend heavily on the quality of the information that can be mined from publicly available vulnerability datasets, as well as on the availability and suitability of those databases. In this paper, we seek to understand the anatomy of the currently available vulnerability databases through a systematic mapping study in which we analyze (1) which vulnerability databases are popular; (2) what the goals for their adoption are; (3) which other sources of information are adopted alongside them; (4) which methods and techniques are used; and (5) which tools are proposed. An improved understanding of these aspects may not only allow researchers to take informed decisions on the databases to consider when doing research, but also allow practitioners to establish reliable sources of information to inform their security policies and standards.


Series: Journal of systems and software
ISSN: 0164-1212
ISSN-E: 1873-1228
ISSN-L: 0164-1212
Volume: 201
Article number: 111679
DOI: 10.1016/j.jss.2023.111679
Type of Publication: A1 Journal article – refereed
Field of Science: 113 Computer and information sciences
Funding: Fabio Palomba gratefully acknowledges the support of the Swiss National Science Foundation through the SNF Projects No. PZ00P2_186090. This work has been partially supported by the EMELIOT national research project, funded by the MUR under the PRIN 2020 program (Contract 2020W3A5FY).
Dataset Reference: Data will be made available on request.
Copyright information: © 2023 The Author(s). Published by Elsevier Inc. This is an open access article under the CC BY license (