Page 404 - Kaleidoscope Academic Conference Proceedings 2024
2024 ITU Kaleidoscope Academic Conference
• It reduces information overload by providing filtering capabilities to only view relevant intelligence linked with a specific software ecosystem.
• It aggregates data from two comprehensive, standard, community-driven databases in a unified format, augmenting it with only relevant information to aid quality and understandability.
• It opens the platform for integration of any future vulnerability databases through data interchange in the unified schema format.
• It brings about options for collaboration by sharing the generated vulnerability intelligence through REST APIs.

7. DIRECTIONS FOR FUTURE WORK

The developed system has strong potential to be further enhanced by efforts in several avenues. To ensure a richer body of knowledge to work upon, more reliable vulnerability databases may be aggregated. The existing vulnerability information can be enhanced by remapping to more concrete categorizations for ecosystems. Additionally, user feedback can be used to improve and update the severity and relevance of existing information. Another avenue for future work is incorporating machine learning algorithms, which can improve the system's capacity to anticipate and prioritize potential vulnerabilities by analyzing existing data and patterns.

8. CONCLUSION

The developed solution brings about enhanced usability by bringing the vastly fragmented vulnerability information together and converging it into valuable vulnerability insights. Its integration with NVD and OSV for centralized aggregation of vulnerability data, and its collaboration options through REST APIs, align with broader standardization efforts for vulnerability information. It aims to bring all the available data under one single point of access to make handling of vulnerability information more efficient and fruitful. The key benefit of facilitating informed decision making in vulnerability management and minimizing information overload by only focusing on relevant and prioritized insights through visual interfaces greatly aids in the process of improving the security posture of the organization. In addition to that, the collaboration avenue that this solution opens can greatly enhance the value and ensure the solution stays relevant and beneficial to the community.