Poster: Analyzing and Correcting Inaccurate CVE-CWE Mappings in the National Vulnerability Database

  1. Home
  2. search page
  3. paper

Poster: Analyzing and Correcting Inaccurate CVE-CWE Mappings in the National Vulnerability Database

연구 분야: Strategies

논문 키워드: #graphs #vulnerabilities #mappings #database #fluctuating

학회: CCS '24: Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security

초록

We conduct a longitudinal study of the National Vulnerability Database (NVD), focusing on the mappings between vulnerabilities (CVEs) and weaknesses (CWEs). Surprisingly, the study reveals that a significant portion of CVEs, fluctuating between 15% and 30% over the years, lack proper CWE mapping, and that almost 40% of the updates are non-informative. We introduce a methodology, based on knowledge graphs, for automating root cause weakness mapping for CVEs and for fixing existing inaccurate mappings. We showcase promising preliminary results toward this end.

Author Profile
Şevval Şimşek

Boston University Boston MA USA

Morocco
Author Profile
Zhenpeng Shi

Boston University Boston MA USA

Morocco
Author Profile
Howell Xia

Boston University Boston MA USA

Morocco

📄 논문 정보

발행 연도 2024년
인용수 0
출판 국가 Spain, Morocco
사이트 ACM
좋아요 수 0

연관 논문 목록 (169건)

Major Vulnerabilities of Web Application in Real World Scenarios and Their Prevention
저자: Basheer Riskhan , Md Amin Ullah Sheikh , Md Shakil Hossain , Khalid Hussain , Zurinahni Zainol , N Zaman Jhanjh
키워드: #vulnerabilities #security #attackers #forgery #misconfigurations
파트: Strategies | 연도: 2025
Precision-guided Smart Contract Fuzzing by static Analyses
저자: Tianyi Zhang , Qi Xia , Jianbin Gao , Hu Xia
키워드: #vulnerabilities #fuzzer #smartfuzz #fuzz #fuzzing
파트: Strategies | 연도: 2025
SSRFSeek: An LLM-based Static Analysis Framework for Detecting SSRF Vulnerabilities in PHP Applications
저자: Yuan Zhou , Enze Wang , Shuoyoucheng Ma
키워드: #vulnerabilities #web #forgery #taint #shortcomings
파트: Strategies | 연도: 2025
Anomaly Detection Services for Blockchain Smart Contracts with Unknown Vulnerabilities
저자: Chunhong Liu , Zihang Sang , Li Duan , Jingxiong Wang , Wei Ni , Wei Wang
키워드: #vulnerabilities #security #economic #anomalies #anomalous
파트: Strategies | 연도: 2025
CSAFuzzer: Fuzzing smart contracts combining with static analysis
저자: Jiahui Yang , Xiangfu Zhao , Hanfeng Zhang , Long He , Shiji Wang , Naixiang Gou
키워드: #vulnerabilities #bugs #hackers #blockchain #csafuzzer
파트: Strategies | 연도: 2025
Cyber defense in OCPP for EV charging security risks
저자: Safa Hamdare , David J. Brown , Devki Nandan Jha , Mohammad Aljaidi , Yue Cao , Sushil Kumar , Rupak Kharel , Manish Jugran , Omprakash Kaiwartya
키워드: #vulnerabilities #cyber #electric #mitigation #authentication
파트: Strategies | 연도: 2025
Poster Abstract: Time Attacks using Kernel Vulnerabilities
저자: Muhammad Abdullah Soomro , Adeel Nasrullah , Fatima Muhammad Anwar
키워드: #vulnerabilities #randomized #mitigation #timekeeping #disrupting
파트: Strategies | 연도: 2025
Designing and Optimizing Alignment Datasets for IoT Security: A Synergistic Approach with Static Analysis Insights
저자: Ahmad Al-Zuraiqi , Des Greer
키워드: #optimize #vulnerabilities #security #hard #mitigation
파트: Strategies | 연도: 2025
Identifying factors influencing the duration of zero-day vulnerabilities
저자: Yaman Roumani
키워드: #vulnerabilities #cyber #threats #weaknesses #damage
파트: Strategies | 연도: 2025
Vulnerability Repair via Concolic Execution and Code Mutations
저자: Abhik Roychoudhury , Ridwan Salihin Shariffdeen , Christopher Steven Timperley , Yannic Noller , Claire Le Goues
키워드: #vulnerabilities #automated #mutations #crashrepair #repairs
파트: Strategies | 연도: 2025