There has been a considerable increase in open source software (OSS) vulnerabilities in recent years (WhiteSource, 2018). Moreover, OSS vulnerabilities are disclosed through nonofficial channels and dispersed among heterogeneous data sources with limited cross-references. This renders efficiently assessing and accurately prioritizing these defects a daunting and impractical task (Snyk, 2019). Researchers have examined OSS vulnerability assessment by considering crowdsourced information in the form of alerts (Khandpur et al., 2017). However, the potential prioritization of OSS vulnerabilities through utilizing disaggregated metrics based on scoring standards available in governmental data sources, such as the National Vulnerability Database (NVD), has not been studied. This study presents a predictive model for OSS vulnerability prioritization based on unstructured descriptive and structured scoring information of OSS vulnerabilities using governmental and nongovernmental data sources. The model generates a high-level taxonomy for OSS vulnerability entries and infers associated missing metrics for nongovernmental records. Furthermore, it produces consolidated catalogs as supporting technical references for cybersecurity professionals to facilitate the interrelated assessment and prioritization processes. These catalogs provide cybersecurity professionals with actionable information to make informed decisions by ranking OSS vulnerabilities based on each defect’s vulnerable characteristics, and consequently allow an optimal allocation of resources to remediate the most critical issues.
Advisor: Sarkani, Shahryar; Fossaceca, John
Committee: Etemadi, Amir
School: The George Washington University
Department: Engineering Management
School Location: United States -- District of Columbia
Source: DAI-B 82/2(E), Dissertation Abstracts International
Source Type: DISSERTATION
Subjects: Engineering, Information Technology
Keywords: Common Vulnerability Scoring System, Cybersecurity, Predictive Modeling, Text Mining, Topic Modeling, Vulnerability Management
Publication Number: 28088873
ISBN: 9798664759297