Related papers: A Survey on Vulnerability Prioritization: Taxonomy, Metrics, and Research Challenges

A Survey on Vulnerability Prioritization: Taxonomy, Metrics, and Research Challenges

URL: http://arxiv.org/abs/2502.11070v1
Date: Sun, 16 Feb 2025 10:33:37 GMT
Title: A Survey on Vulnerability Prioritization: Taxonomy, Metrics, and Research Challenges
Authors: Yuning Jiang, Nay Oo, Qiaoran Meng, Hoon Wei Lim, Biplab Sikdar,
Abstract summary: Resource constraints necessitate effective vulnerability prioritization strategies.<n>This paper introduces a novel taxonomy that categorizes metrics into severity, exploitability, contextual factors, predictive indicators, and aggregation methods.
Score: 20.407534993667607
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: In the highly interconnected digital landscape of today, safeguarding complex infrastructures against cyber threats has become increasingly challenging due to the exponential growth in the number and complexity of vulnerabilities. Resource constraints necessitate effective vulnerability prioritization strategies, focusing efforts on the most critical risks. This paper presents a systematic literature review of 82 studies, introducing a novel taxonomy that categorizes metrics into severity, exploitability, contextual factors, predictive indicators, and aggregation methods. Our analysis reveals significant gaps in existing approaches and challenges with multi-domain applicability. By emphasizing the need for dynamic, context-aware metrics and scalable solutions, we provide actionable insights to bridge the gap between research and real-world applications. This work contributes to the field by offering a comprehensive framework for evaluating vulnerability prioritization methodologies and setting a research agenda to advance the state of practice.

Related papers

Why Reasoning Matters? A Survey of Advancements in Multimodal Reasoning (v1) [66.51642638034822]
Reasoning is central to human intelligence, enabling structured problem-solving across diverse tasks. Recent advances in large language models (LLMs) have greatly enhanced their reasoning abilities in arithmetic, commonsense, and symbolic domains. This paper offers a concise yet insightful overview of reasoning techniques in both textual and multimodal LLMs.
arXiv Detail & Related papers (2025-04-04T04:04:56Z)
A Survey of Efficient Reasoning for Large Reasoning Models: Language, Multimodality, and Beyond [88.5807076505261]
Large Reasoning Models (LRMs) have demonstrated strong performance gains by scaling up the length of Chain-of-Thought (CoT) reasoning during inference. A growing concern lies in their tendency to produce excessively long reasoning traces. This inefficiency introduces significant challenges for training, inference, and real-world deployment.
arXiv Detail & Related papers (2025-03-27T15:36:30Z)
A Survey on Post-training of Large Language Models [185.51013463503946]
Large Language Models (LLMs) have fundamentally transformed natural language processing, making them indispensable across domains ranging from conversational systems to scientific exploration. These challenges necessitate advanced post-training language models (PoLMs) to address shortcomings, such as restricted reasoning capacities, ethical uncertainties, and suboptimal domain-specific performance. This paper presents the first comprehensive survey of PoLMs, systematically tracing their evolution across five core paradigms.
arXiv Detail & Related papers (2025-03-08T05:41:42Z)
Deep Learning Aided Software Vulnerability Detection: A Survey [3.4396557936415686]
The pervasive nature of software vulnerabilities has emerged as a primary factor for the surge in cyberattacks. Deep learning (DL) methods excel at automatically learning and identifying complex patterns in code. This survey analyzes 34 relevant studies from high-impact journals and conferences between 2017 and 2024.
arXiv Detail & Related papers (2025-03-06T01:35:16Z)
VulRG: Multi-Level Explainable Vulnerability Patch Ranking for Complex Systems Using Graphs [20.407534993667607]
This work introduces a graph-based framework for vulnerability patch prioritization.<n>It integrates diverse data sources and metrics into a universally applicable model.<n> refined risk metrics enable detailed assessments at the component, asset, and system levels.
arXiv Detail & Related papers (2025-02-16T14:21:52Z)
LLMs in Software Security: A Survey of Vulnerability Detection Techniques and Insights [12.424610893030353]
Large Language Models (LLMs) are emerging as transformative tools for software vulnerability detection.<n>This paper provides a detailed survey of LLMs in vulnerability detection.<n>We address challenges such as cross-language vulnerability detection, multimodal data integration, and repository-level analysis.
arXiv Detail & Related papers (2025-02-10T21:33:38Z)
SoK: Towards Effective Automated Vulnerability Repair [11.028015952491991]
The increasing prevalence of software vulnerabilities necessitates automated vulnerability repair (AVR) techniques.<n>This Systematization of Knowledge (SoK) provides a comprehensive overview of the landscape, encompassing both synthetic and real-world vulnerabilities.
arXiv Detail & Related papers (2025-01-31T00:35:55Z)
LLM as a Mastermind: A Survey of Strategic Reasoning with Large Language Models [75.89014602596673]
Strategic reasoning requires understanding and predicting adversary actions in multi-agent settings while adjusting strategies accordingly. We explore the scopes, applications, methodologies, and evaluation metrics related to strategic reasoning with Large Language Models. It underscores the importance of strategic reasoning as a critical cognitive capability and offers insights into future research directions and potential improvements.
arXiv Detail & Related papers (2024-04-01T16:50:54Z)
Object Detectors in the Open Environment: Challenges, Solutions, and Outlook [95.3317059617271]
The dynamic and intricate nature of the open environment poses novel and formidable challenges to object detectors. This paper aims to conduct a comprehensive review and analysis of object detectors in open environments. We propose a framework that includes four quadrants (i.e., out-of-domain, out-of-category, robust learning, and incremental learning) based on the dimensions of the data / target changes.
arXiv Detail & Related papers (2024-03-24T19:32:39Z)
Dynamic Vulnerability Criticality Calculator for Industrial Control Systems [0.0]
This paper introduces an innovative approach by proposing a dynamic vulnerability criticality calculator. Our methodology encompasses the analysis of environmental topology and the effectiveness of deployed security mechanisms. Our approach integrates these factors into a comprehensive Fuzzy Cognitive Map model, incorporating attack paths to holistically assess the overall vulnerability score.
arXiv Detail & Related papers (2024-03-20T09:48:47Z)
AI in Supply Chain Risk Assessment: A Systematic Literature Review and Bibliometric Analysis [0.0]
This study examines 1,903 articles from Google Scholar and Web of Science, with 54 studies selected through PRISMA guidelines. Our findings reveal that ML models, including Random Forest, XGBoost, and hybrid approaches, significantly enhance risk prediction accuracy and adaptability in post-pandemic contexts. The study underscores the necessity of dynamic strategies, interdisciplinary collaboration, and continuous model evaluation to address challenges such as data quality and interpretability.
arXiv Detail & Related papers (2023-12-12T17:47:51Z)
Predicting Themes within Complex Unstructured Texts: A Case Study on Safeguarding Reports [66.39150945184683]
We focus on the problem of automatically identifying the main themes in a safeguarding report using supervised classification approaches. Our results show the potential of deep learning models to simulate subject-expert behaviour even for complex tasks with limited labelled data.
arXiv Detail & Related papers (2020-10-27T19:48:23Z)

This list is automatically generated from the titles and abstracts of the papers in this site.