There has been a considerable increase in Open Source Software (OSS) vulnerabilities in recent years (WhiteSource, 2018). Moreover, OSS vulnerabilities are disclosed through non-official channels and dispersed among heterogeneous data sources with limited cross-references. This makes efficient assessment and accurate prioritization of these defects a daunting and impractical task (Snyk, 2019). Researchers have examined OSS vulnerability assessment by considering crowdsourced information in the form of alerts (Khandpur et al., 2017). However, prioritizing OSS vulnerabilities using disaggregated metrics based on the scoring standards available in governmental data sources, such as the National Vulnerability Database (NVD), has not been studied. This study presents a predictive model for OSS vulnerability prioritization based on the unstructured descriptive and structured scoring information of OSS vulnerabilities drawn from governmental and non-governmental data sources. The model generates a high-level taxonomy for OSS vulnerability entries and infers the associated missing metrics for non-governmental records. Furthermore, it produces consolidated catalogs as supporting technical references for cybersecurity professionals to facilitate the interrelated assessment and prioritization processes. These catalogs provide cybersecurity professionals with actionable information for making informed decisions by ranking OSS vulnerabilities according to each defect's vulnerability characteristics, and consequently allow an optimal allocation of resources to remediate the most critical issues.
| Field | Value |
|---|---|
| Advisor | Sarkani, Shahryar; Fossaceca, John |
| School | The George Washington University |
| School Location | United States -- District of Columbia |
| Source | DAI-B 82/2(E), Dissertation Abstracts International |
| Subjects | Engineering, Information Technology |
| Keywords | Common Vulnerability Scoring System, Cybersecurity, Predictive Modeling, Text Mining, Topic Modeling, Vulnerability Management |
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved