Högskolan i Skövde

his.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Evaluating the Data Inconsistency of Open-Source Vulnerability Repositories
University of Skövde, Informatics Research Environment. University of Skövde, School of Informatics. (Distributed Real-Time Systems (DRTS))ORCID iD: 0000-0003-4791-8452
University of Skövde, School of Informatics. University of Skövde, Informatics Research Environment. (Information Systems (IS))ORCID iD: 0000-0002-9421-8566
University of Skövde, School of Informatics. University of Skövde, Informatics Research Environment. (Distributed Real-Time Systems (DRTS))ORCID iD: 0000-0002-8927-0968
2021 (English)In: ARES 2021: The 16th International Conference on Availability, Reliability and Security, Association for Computing Machinery (ACM), 2021, p. 1-10, article id 86Conference paper, Published paper (Refereed)
Abstract [en]

Modern security practices promote quantitative methods to provide prioritisation insights and support predictive analysis, which is supported by open-source cybersecurity databases such as the Common Vulnerabilities and Exposures (CVE), the National Vulnerability Database (NVD), CERT, and vendor websites. These public repositories provide a way to standardise and share up-to-date vulnerability information, with the purpose to enhance cybersecurity awareness. However, data quality issues of these vulnerability repositories may lead to incorrect prioritisation and misemployment of resources. In this paper, we aim to empirically analyse the data quality impact of vulnerability repositories for actual information technology (IT) and operating technology (OT) systems, especially on data inconsistency. Our case study shows that data inconsistency may misdirect investment of cybersecurity resources. Instead, correlated vulnerability repositories and trustworthiness data verification bring substantial benefits for vulnerability management. 

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2021. p. 1-10, article id 86
Keywords [en]
Cybersecurity, Data Inconsistency, Vulnerability Analysis
National Category
Computer Systems Information Systems
Research subject
Distributed Real-Time Systems; Information Systems
Identifiers
URN: urn:nbn:se:his:diva-19849DOI: 10.1145/3465481.3470093ISI: 000749539200136Scopus ID: 2-s2.0-85113197148ISBN: 978-1-4503-9051-4 (print)OAI: oai:DiVA.org:his-19849DiVA, id: diva2:1572745
Conference
4th International Workshop on Cyber Threat Intelligence Management (CyberTIM 2021), August 17 – August 20, 2021, held in conjunction with ARES 2021: The 16th International Conference on Availability, Reliability and Security, Vienna, Austria, August 17 - 20, 2021
Note

©2021 Copyright held by the owner/author(s). Publication rights licensed to ACM.

Available from: 2021-06-24 Created: 2021-06-24 Last updated: 2022-02-22Bibliographically approved

Open Access in DiVA

fulltext(1985 kB)846 downloads
File information
File name FULLTEXT02.pdfFile size 1985 kBChecksum SHA-512
30d4412a127bda39dec796e051aae7c18706cc009a30d707622323819e7e40f60908618424dfd1a97ec36815a7a03b81bee226a3c8c5f843fdae4658b4fdf4d4
Type fulltextMimetype application/pdf

Other links

Publisher's full textScopus

Authority records

Jiang, YuningJeusfeld, Manfred A.Ding, Jianguo

Search in DiVA

By author/editor
Jiang, YuningJeusfeld, Manfred A.Ding, Jianguo
By organisation
Informatics Research EnvironmentSchool of Informatics
Computer SystemsInformation Systems

Search outside of DiVA

GoogleGoogle Scholar
Total: 846 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 542 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf