A Survey on Data-driven Software Vulnerability Assessment and Prioritization

A Survey on Data-driven Software Vulnerability Assessment and Prioritization

Software Vulnerabilities (SVs) are increasing in complexity and scale, posing great security risks to many software systems. Given the limited resources in practice, SV assessment and prioritization help practitioners devise optimal SV mitigation plans based on various SV characteristics. The surges...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:ACM computing surveys 2022-12, Vol.55 (5), p.1-39, Article 100
Hauptverfasser: Le, Triet H. M., Chen, Huaming, Babar, M. Ali
Format: Artikel
Sprache:eng
Schlagworte:
Best practice
Computer science
Computing methodologies
Deep learning
General and reference
Machine learning
Neural networks
Security and privacy
Software
Software reliability
Software security engineering
Surveys and overviews
Taxonomy
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Software Vulnerabilities (SVs) are increasing in complexity and scale, posing great security risks to many software systems. Given the limited resources in practice, SV assessment and prioritization help practitioners devise optimal SV mitigation plans based on various SV characteristics. The surges in SV data sources and data-driven techniques such as Machine Learning and Deep Learning have taken SV assessment and prioritization to the next level. Our survey provides a taxonomy of the past research efforts and highlights the best practices for data-driven SV assessment and prioritization. We also discuss the current limitations and propose potential solutions to address such issues.
ISSN:0360-0300
1557-7341
DOI:10.1145/3529757