Cybersecurity Vulnerability Prioritisation via Risk Assessment

Abstract

The Common Vulnerabilities and Exposures (CVE) database lists a large number of vulnerabilities that are present in specific versions of software libraries and applications. Although there is a severity ranking, it does not immediately follow that an identified vulnerability with high severity will be particularly important for a specific application. This paper presents the motivation for CVE prioritisation for a given case and describes an outline process for evaluating the priority of CVEs via risk assessment simulations.

Category

Academic chapter

Language

English

Author(s)

Affiliation

  • SINTEF Digital / Software Engineering, Safety and Security
  • Italy
  • University of Southampton

Date

10.08.2025

Year

2025

Publisher

Springer

Book

Availability, Reliability and Security: ARES 2025 International Workshops, Ghent, Belgium, August 11–14, 2025, Proceedings, Part IV

ISBN

9783032006394

Page(s)

57 - 69
