A Vulnerability’s Lifetime: Enhancing Version Information in CVE Databases
Key: GSW15-1
Author: Leonid Glanz, Sebastian Schmidt, Sebastian Wollny und Ben Hermann
Date: October 2015
Kind: In proceedings
Book title: Proceedings of the 15th International Conference on Knowledge Technologies and Data-driven Business
Keywords: Information extraction, knowledge discovery, vulnerabilities
Abstract: The National Vulnerability Database (NVD) is a rich source of information for system administrators, software engineers, IT security consultants, and researchers in software security. Relevant information is provided in machine readable form and hence can be used for automated software security management. However, we discovered that information on affected software versions and fix information is not always available. We therefore propose to enrich the NVD database with this information and use a rule-based approach to extract this information from the informal vulnerability description. Such information is useful in software development to exchange or avoid vulnerable components as well as in security research for directed cause analysis.
View Full paper (PDF) | Download Full paper (PDF)
Official URL

The documents distributed by this server have been provided by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, not withstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.