|
|
The anatomy of a vulnerability database : a systematic mapping study |
|---|---|
| Author: | Li, Xiaozhou1,2; Moreschini, Sergio1; Zhang, Zheying1; |
| Organizations: |
1Tampere University, Tampere, Finland 2University of Oulu, Oulu, Finland 3SeSa Lab - University of Salerno, Fisciano, Italy |
| Format: | article |
| Version: | published version |
| Access: | open |
| Online Access: | PDF Full Text (PDF, 1 MB) |
| Persistent link: | http://urn.fi/urn:nbn:fi-fe20230901115692 |
| Language: | English |
| Published: |
Elsevier,
2023
|
| Publish Date: | 2023-09-01 |
| Description: |
AbstractSoftware vulnerabilities play a major role, as there are multiple risks associated, including loss and manipulation of private data. The software engineering research community has been contributing to the body of knowledge by proposing several empirical studies on vulnerabilities and automated techniques to detect and remove them from source code. The reliability and generalizability of the findings heavily depend on the quality of the information mineable from publicly available datasets of vulnerabilities as well as on the availability and suitability of those databases. In this paper, we seek to understand the anatomy of the currently available vulnerability databases through a systematic mapping study where we analyze (1) what are the popular vulnerability databases adopted; (2) what are the goals for adoption; (3) what are the other sources of information adopted; (4) what are the methods and techniques; (5) which tools are proposed. An improved understanding of these aspects might not only allow researchers to take informed decisions on the databases to consider when doing research but also practitioners to establish reliable sources of information to inform their security policies and standards. see all
|
| Series: |
Journal of systems and software |
| ISSN: | 0164-1212 |
| ISSN-E: | 1873-1228 |
| ISSN-L: | 0164-1212 |
| Volume: | 201 |
| Article number: | 111679 |
| DOI: | 10.1016/j.jss.2023.111679 |
| OADOI: | https://oadoi.org/10.1016/j.jss.2023.111679 |
| Type of Publication: |
A1 Journal article – refereed |
| Field of Science: |
113 Computer and information sciences |
| Subjects: | |
| Funding: |
Fabio Palomba gratefully acknowledges the support of the Swiss National Science Foundation through the SNF Projects No. PZ00P2_186090. This work has been partially supported by the EMELIOT national research project, funded by the MUR under the PRIN 2020 program (Contract 2020W3A5FY). |
| Dataset Reference: |
Data will be made available on request. |
| Copyright information: |
© 2023 The Author(s). Published by Elsevier Inc. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/). |
|
https://creativecommons.org/licenses/by/4.0/ |