Page 398 - Kaleidoscope Academic Conference Proceedings 2024
2024 ITU Kaleidoscope Academic Conference
2.3 Vulnerability management

Vulnerability management is the process of identifying, classifying, prioritizing, addressing, and alleviating security vulnerabilities [3] within an organization's systems, software, and infrastructure.

2.4 Vulnerability intelligence dashboard

A vulnerability intelligence dashboard is a centralized user interface component that provides insights and data related to security vulnerabilities in a visually coherent format.

2.5 Web-based vulnerability intelligence platform

A platform is a comprehensive software solution that supports and provides a wide range of specific functions and services. It includes multiple components that enable data storage, processing, analysis, and other application functionality. A web-based vulnerability intelligence platform, in the current context, refers to a comprehensive software solution that provides the functionality to aggregate, process and distill vulnerability information into concrete vulnerability intelligence that can be accessed through a web browser over the Internet [4].

3. PROBLEM STATEMENT

There are inherent challenges when attempting to gain vulnerability intelligence from open-source vulnerability databases. First, the current vulnerability databases are fragmented when considering the entire landscape of tools, languages and frameworks used for developing software. They use diverse structures, formats, and taxonomies. This fragmentation makes it difficult for organizations to comprehensively track them and have a unified view of the vulnerabilities. Second, vulnerability databases themselves provide a sheer overload of information that can be extremely overwhelming. This requires the monumental task of sifting through large quantities of information to identify the pertinent vulnerabilities specific to each environment. Both these problems cause inefficiencies in vulnerability management and increase the security risks by increasing the likelihood of critical vulnerabilities being overlooked.

In view of the above challenges, the need arises for a vulnerability intelligence platform that can aggregate information about pertinent vulnerabilities from multiple vulnerability databases, converge the vulnerability insights and allow them to be distilled, specific to each development ecosystem. This need leads to the following two research questions:

• First, how can organizations efficiently aggregate and standardize data from the diverse vulnerability databases available?
• And second, how can organizations extract/distill relevant and actionable vulnerability information without getting overwhelmed by the information overload?

Additionally, the field of cyber forensics, dealing with analysis of evidence linked with software, can gain significantly from vulnerability intelligence. A comprehensive foundational knowledge of vulnerability insights and attack vectors is required in crimes and cases where software is involved for performing an unintended or unauthorized activity for a malicious purpose, so that an attack or an incident methodology may be understood. The current fragmented databases and repositories pose a challenge for the cyber forensic analyst and require considerable time and effort to collect all information that may help in the analysis. This need leads to the following third research question:

• How can the fragmented information present in open-source vulnerability databases and the separately maintained attack pattern CAPEC repository be efficiently linked and intuitively presented to save time and effort in forensic analysis when attempting to search for known attack methods that use known vulnerabilities?

4. BACKGROUND, CONTEMPORARY APPROACHES AND RELATED WORKS

4.1 Vulnerability databases

Vulnerability databases are a foundational component within vulnerability management, as they play a key role in the identification, tracking, and management of vulnerabilities in software and hardware. They store known vulnerabilities in various technological systems, software applications, and hardware components along with their characteristics such as technical details, severity and affected versions in their own standardized taxonomies and often have scoring systems that prioritize them accordingly. Regularly managed and updated vulnerability databases are extremely valuable to organizations and the cyber security community, as they guide towards developing effective and proactive defense strategies.

In order to provide a solution for the posed research questions, two well-maintained and community-driven vulnerability databases, along with some related repositories, were identified and are discussed next.

4.2 The Open-Source Vulnerability (OSV) Database

The OSV database is a distributed vulnerability database that essentially aggregates and indexes vulnerability data from databases that record vulnerabilities of open-source software [5] and use the schema defined by OSV. It is an ongoing effort and its current data sources include GitHub Advisory Database, PyPI Advisory Database, Go Vulnerability Database, Rust Advisory Database, Global Security Database, OSS-Fuzz, Rocky Linux (BSD), AlmaLinux (MIT), Haskell Security Advisories, RConsortium Advisory Database (Apache 2.0) and Python Software Foundation Database [5].
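
The aggregation and per-ecosystem distillation raised in the research questions, sketched over records shaped like the OSV schema (section 4.2). This is an added example, not code from the paper or the OSV project; the records, identifiers and the helper names `group_by_alias` and `distill` are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records in OSV schema shape; every id, package and version is made up.
def _rec(rid, aliases, eco, name, fixed):
    return {"id": rid, "aliases": aliases, "affected": [{
        "package": {"ecosystem": eco, "name": name},
        "ranges": [{"type": "ECOSYSTEM",
                    "events": [{"introduced": "0"}, {"fixed": fixed}]}]}]}

RECORDS = [
    _rec("GHSA-aaaa-bbbb-0001", ["CVE-0000-0001"], "PyPI", "examplepkg", "1.4.2"),
    _rec("PYSEC-0000-1", ["CVE-0000-0001", "GHSA-aaaa-bbbb-0001"],
         "PyPI", "examplepkg", "1.4.2"),
    _rec("RUSTSEC-0000-0001", [], "crates.io", "examplecrate", "0.3.0"),
]

def group_by_alias(records):
    """Union-find over id/aliases: one flaw reported by several sources forms one group."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x
    for rec in records:
        for alias in rec.get("aliases", []):
            parent[find(alias)] = find(rec["id"])
    groups = defaultdict(list)
    for rec in records:
        groups[find(rec["id"])].append(rec)
    return list(groups.values())

def distill(records, ecosystem):
    """Return one merged entry per distinct vulnerability that affects `ecosystem`."""
    out = []
    for group in group_by_alias(records):
        pkgs, fixed = set(), set()
        for rec in group:
            for aff in rec.get("affected", []):
                pkg = aff.get("package", {})
                if pkg.get("ecosystem") != ecosystem:
                    continue  # drop entries irrelevant to this development ecosystem
                pkgs.add(pkg.get("name"))
                for rng in aff.get("ranges", []):
                    fixed.update(e["fixed"] for e in rng.get("events", []) if "fixed" in e)
        if pkgs:
            out.append({"ids": sorted(r["id"] for r in group),
                        "packages": sorted(pkgs), "fixed": sorted(fixed)})
    return out
```

Grouping on `aliases` is what keeps the same flaw, reported by two source databases, from being counted twice in the unified view.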