A Survey on Software Vulnerability Exploitability Assessment

A Survey on Software Vulnerability Exploitability Assessment

Knowing the exploitability and severity of software vulnerabilities helps practitioners prioritize vulnerability mitigation efforts. Researchers have proposed and evaluated many different exploitability assessment methods. The goal of this research is to assist practitioners and researchers in under...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:ACM computing surveys 2024-08, Vol.56 (8), p.1-41, Article 205
Hauptverfasser: Elder, Sarah, Rahman, Md Rayhanur, Fringer, Gage, Kapoor, Kunal, Williams, Laurie
Format: Artikel
Sprache:eng
Schlagworte:
Assessments
Computer science
Security and privacy
Software and application security
Software and its engineering
Software defect analysis
Software reliability
Software security engineering
State (computer science)
Vulnerability management
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Knowing the exploitability and severity of software vulnerabilities helps practitioners prioritize vulnerability mitigation efforts. Researchers have proposed and evaluated many different exploitability assessment methods. The goal of this research is to assist practitioners and researchers in understanding existing methods for assessing vulnerability exploitability through a survey of exploitability assessment literature. We identify three exploitability assessment approaches: assessments based on original, manual Common Vulnerability Scoring System, automated Deterministic assessments, and automated Probabilistic assessments. Other than the original Common Vulnerability Scoring System, the two most common sub-categories are Deterministic, Program State based, and Probabilistic learning model assessments.
ISSN:0360-0300
1557-7341
DOI:10.1145/3648610