Li, X., Moreschini, S., Zhang, Z., Palomba, F., & Taibi, D. (2023). The anatomy of a vulnerability database: A systematic mapping study. In Journal of Systems and Software (Vol. 201, p. 111679). Elsevier BV. https://doi.org/10.1016/j.jss.2023.111679
The anatomy of a vulnerability database : a systematic mapping study
|Author:||Li, Xiaozhou1,2; Moreschini, Sergio1; Zhang, Zheying1;|
1Tampere University, Tampere, Finland
2University of Oulu, Oulu, Finland
3SeSa Lab - University of Salerno, Fisciano, Italy
|Online Access:||PDF Full Text (PDF, 1 MB)|
|Persistent link:|| http://urn.fi/urn:nbn:fi-fe20230901115692
|Publish Date:|| 2023-09-01
Software vulnerabilities play a major role, as there are multiple risks associated, including loss and manipulation of private data. The software engineering research community has been contributing to the body of knowledge by proposing several empirical studies on vulnerabilities and automated techniques to detect and remove them from source code. The reliability and generalizability of the findings heavily depend on the quality of the information mineable from publicly available datasets of vulnerabilities as well as on the availability and suitability of those databases. In this paper, we seek to understand the anatomy of the currently available vulnerability databases through a systematic mapping study where we analyze (1) what are the popular vulnerability databases adopted; (2) what are the goals for adoption; (3) what are the other sources of information adopted; (4) what are the methods and techniques; (5) which tools are proposed. An improved understanding of these aspects might not only allow researchers to take informed decisions on the databases to consider when doing research but also practitioners to establish reliable sources of information to inform their security policies and standards.
Journal of systems and software
|Type of Publication:||
A1 Journal article – refereed
|Field of Science:||
113 Computer and information sciences
Fabio Palomba gratefully acknowledges the support of the Swiss National Science Foundation through the SNF Projects No. PZ00P2_186090. This work has been partially supported by the EMELIOT national research project, funded by the MUR under the PRIN 2020 program (Contract 2020W3A5FY).
Data will be made available on request.
© 2023 The Author(s). Published by Elsevier Inc. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/).