Dissertation/Thesis Abstract

Prioritization of Open Source Defects Using Predictive Models
by Martinez, Jorge E., D.Engr., The George Washington University, 2020, 164; 28088873
Abstract (Summary)

There has been a considerable increase in Open Source software vulnerabilities in recent years (WhiteSource, 2018). Moreover, OSS vulnerabilities are disclosed through nonofficial channels and dispersed among heterogeneous data sources with limited cross-references. This renders efficiently assessing and accurately prioritizing these defects a daunting and impractical task (Snyk, 2019). Researchers have examined OSS vulnerability assessment by considering crowdsourced information in the form of alerts (Khandpur et al., 2017). However, the potential prioritization of OSS through utilizing disaggregated metrics based on scoring standards available in governmental data sources, such as the National Vulnerability Database (NVD), has not been studied. This study presents a predictive model for OSS vulnerability prioritization based on unstructured descriptive and structured scoring information of OSS vulnerabilities using governmental-based and nongovernmental data sources. The model generates a high-level taxonomy for OSS vulnerability entries and infers associated missing metrics for nongovernmental records. Furthermore, it produces consolidated catalogs as supporting technical references for cybersecurity professionals to facilitate the interrelated assessment and prioritization processes. These catalogs provide cybersecurity professionals with actionable information to make informed decisions by ranking OSS vulnerabilities based on each defect’s vulnerable characteristics, and consequently allow an optimal allocation of resources to remediate the most critical issues.

Indexing (document details)
Advisor: Sarkani, Shahryar; Fossaceca, John
Committee: Etemadi, Amir
School: The George Washington University
Department: Engineering Management
School Location: United States -- District of Columbia
Source: DAI-B 82/2(E), Dissertation Abstracts International
Source Type: DISSERTATION
Subjects: Engineering, Information Technology
Keywords: Common Vulnerability Scoring System, Cybersecurity, Predictive Modeling, Text Mining, Topic Modeling, Vulnerability Management
Publication Number: 28088873
ISBN: 9798664759297
Copyright © 2020 ProQuest LLC. All rights reserved.