• Bicudo M, Pereira C, Miranda L, Senos L, Banjar C, Menasché D, Srivastava G, Lovat E, Kocheturov A, Martins M and De Aguiar L. (2024). A Statistical Approach to Severity Aware Vulnerability Prioritization 2024 IEEE 13th International Conference on Cloud Networking (CloudNet). 10.1109/CloudNet62863.2024.10815757. 979-8-3503-7656-2. (1-6).

    https://ieeexplore.ieee.org/document/10815757/

  • Miranda L, Senos L, Menasché D, Srivastava G, Kocheturov A, Ramchandran A, Lovat E and Limmer T. (2024). Learning CNA-Oriented CVSS Scores 2024 IEEE 13th International Conference on Cloud Networking (CloudNet). 10.1109/CloudNet62863.2024.10815736. 979-8-3503-7656-2. (1-5).

    https://ieeexplore.ieee.org/document/10815736/

  • Coutinho L, Menasche D, Miranda L, Lovat E, Kumar S, Ramchandran A, Kocheturov A and Limmer T. How Context Impacts Vulnerability Severity: An Analysis of Product-Specific CVSS Scores. Proceedings of the 13th Latin-American Symposium on Dependable and Secure Computing. (17-27).

    https://doi.org/10.1145/3697090.3697109

  • Mirtaheri S and Pugliese A. (2024). Leveraging Generative AI to Enhance Automated Vulnerability Scoring 2024 IEEE Conference on Dependable, Autonomic and Secure Computing (DASC). 10.1109/DASC64200.2024.00014. 979-8-3315-2272-8. (57-64).

    https://ieeexplore.ieee.org/document/10798728/

  • Freitas T, Novo C, Soares J, Dutra I, Correia M, Shariati B and Martins R. (2024). HAL 9000: a Risk Manager for ITSs 2024 IEEE 6th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA). 10.1109/TPS-ISA62245.2024.00044. 979-8-3503-8674-5. (322-331).

    https://ieeexplore.ieee.org/document/10835713/

  • Isogai S, Ogata S, Kashiwa Y, Yazawa S, Okano K, Okubo T and Washizaki H. (2024). Toward Extracting Learning Pattern: A Comparative Study of GPT-4o-mini and BERT Models in Predicting CVSS Base Vectors 2024 IEEE 35th International Symposium on Software Reliability Engineering Workshops (ISSREW). 10.1109/ISSREW63542.2024.00067. 979-8-3503-6704-1. (127-134).

    https://ieeexplore.ieee.org/document/10771484/

  • Ruan B, Liu J, Zhao W and Liang Z. VulZoo: A Comprehensive Vulnerability Intelligence Dataset. Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering. (2334-2337).

    https://doi.org/10.1145/3691620.3695345

  • Le T and Ali Babar M. Mitigating Data Imbalance for Software Vulnerability Assessment: Does Data Augmentation Help?. Proceedings of the 18th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement. (119-130).

    https://doi.org/10.1145/3674805.3686674

  • Mirtaheri S, Pugliese A, Movahedkor N and Majd A. (2024). Advanced Automated Vulnerability Scoring: Improving Performance with a Fine-Tuned BERT-CNN Model 2024 11th International Symposium on Telecommunications (IST). 10.1109/IST64061.2024.10843410. 979-8-3503-5625-0. (109-113).

    https://ieeexplore.ieee.org/document/10843410/

  • Iannone E, Sellitto G, Iaccarino E, Ferrucci F, De Lucia A and Palomba F. (2024). Early and Realistic Exploitability Prediction of Just-Disclosed Software Vulnerabilities: How Reliable Can It Be?. ACM Transactions on Software Engineering and Methodology. 33:6. (1-41). Online publication date: 31-Jul-2024.

    https://doi.org/10.1145/3654443

  • Isogai S, Ogata S, Kashiwa Y, Yazawa S, Okano K, Okubo T and Washizaki H. (2024). Comparison of Methods for Automatically Predicting CVSS Base Vector 2024 IEEE 48th Annual Computers, Software, and Applications Conference (COMPSAC). 10.1109/COMPSAC61105.2024.00140. 979-8-3503-7696-8. (1029-1034).

    https://ieeexplore.ieee.org/document/10633514/

  • Li X, Wang C, Gu Y and Shi F. (2024). Network Asset Vulnerability Assessment Model Based on QPSO-LightGBM. Developments and Applications in SmartRail, Traffic, and Transportation Engineering. 10.1007/978-981-97-3682-9_81. (873-884).

    https://link.springer.com/10.1007/978-981-97-3682-9_81

  • Levshun D. (2024). Comparative Analysis of Machine Learning Methods in Vulnerability Categories Prediction Based on Configuration Similarity. Intelligent Distributed Computing XVI. 10.1007/978-3-031-60023-4_11. (70-81).

    https://link.springer.com/10.1007/978-3-031-60023-4_11

  • Vasireddy D, Dale D and Li Q. (2023). CVSS Base Score Prediction Using an Optimized Machine Learning Scheme 2023 Resilience Week (RWS). 10.1109/RWS58133.2023.10284627. 979-8-3503-4747-0. (1-6).

    https://ieeexplore.ieee.org/document/10284627/

  • Yoon S, Kim D, Kim K and Euom I. (2023). Vulnerability Exploitation Risk Assessment Based on Offensive Security Approach. Applied Sciences. 10.3390/app132212180. 13:22. (12180).

    https://www.mdpi.com/2076-3417/13/22/12180

  • Seker E and Meng W. (2023). XVRS: Extended Vulnerability Risk Scoring based on Threat Intelligence 2023 IEEE International Conference on Metaverse Computing, Networking and Applications (MetaCom). 10.1109/MetaCom57706.2023.00094. 979-8-3503-3333-6. (516-523).

    https://ieeexplore.ieee.org/document/10271793/

  • Le T, Chen H and Babar M. (2022). A Survey on Data-driven Software Vulnerability Assessment and Prioritization. ACM Computing Surveys. 55:5. (1-39). Online publication date: 31-May-2023.

    https://doi.org/10.1145/3529757

  • Levshun D and Chechulin A. (2023). Vulnerability Categorization for Fast Multistep Attack Modelling 2023 33rd Conference of Open Innovations Association (FRUCT). 10.23919/FRUCT58615.2023.10143048. 978-952-69244-9-6. (169-175).

    https://ieeexplore.ieee.org/document/10143048/

  • Ni C, Shen L, Wang W, Chen X, Yin X and Zhang L. (2023). FVA: Assessing Function-Level Vulnerability by Integrating Flow-Sensitive Structure and Code Statement Semantic 2023 IEEE/ACM 31st International Conference on Program Comprehension (ICPC). 10.1109/ICPC58990.2023.00048. 979-8-3503-3750-1. (339-350).

    https://ieeexplore.ieee.org/document/10174072/

  • Kurniawan A, Darus M, Mohd Ariffin M, Muliono Y and Pardomuan C. (2023). Automation of Quantifying Security Risk Level on Injection Attacks Based on Common Vulnerability Scoring System Metric. Pertanika Journal of Science and Technology. 10.47836/pjst.31.3.07. 31:3. (1245-1265).

    http://www.pertanika.upm.edu.my/pjst/browse/regular-issue?article=JST-3452-2022

  • Levshun D. (2023). Comparative Analysis of Machine Learning Methods in Vulnerability Metrics Transformation. Proceedings of the Seventh International Scientific Conference “Intelligent Information Technologies for Industry” (IITI’23). 10.1007/978-3-031-43792-2_6. (60-70).

    https://link.springer.com/10.1007/978-3-031-43792-2_6

  • Jing W, Wei L, Jin H, Zhang C, Dong W and Li Y. (2022). Using Federated Learning to Predict Vulnerability Exploitability 2022 5th International Conference on Hot Information-Centric Networking (HotICN). 10.1109/HotICN57539.2022.10036231. 979-8-3503-3520-0. (83-89).

    https://ieeexplore.ieee.org/document/10036231/

  • Sindhwad P and Kazi F. (2022). Exploiting Control Device Vulnerabilities: Attacking Cyber-Physical Water System 2022 32nd Conference of Open Innovations Association (FRUCT). 10.23919/FRUCT56874.2022.9953826. 978-952-69244-8-9. (270-279).

    https://ieeexplore.ieee.org/document/9953826/

  • Jiang Z, Gan S, Herrera A, Toffalini F, Romerio L, Tang C, Egele M, Zhang C and Payer M. Evocatio. Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. (1599-1613).

    https://doi.org/10.1145/3548606.3560575

  • Sedkowski W and Bierczynski K. (2022). Perceived severity of vulnerability in cybersecurity: cross linguistic variegation 2022 IEEE International Carnahan Conference on Security Technology (ICCST). 10.1109/ICCST52959.2022.9896488. 978-1-6654-9363-5. (1-4).

    https://ieeexplore.ieee.org/document/9896488/

  • Le T and Babar M. On the use of fine-grained vulnerable code statements for software vulnerability assessment models. Proceedings of the 19th International Conference on Mining Software Repositories. (621-633).

    https://doi.org/10.1145/3524842.3528433

  • Costa J, Roxo T, Sequeiros J, Proenca H and Inacio P. Predicting CVSS Metric via Description Interpretation. IEEE Access. 10.1109/ACCESS.2022.3179692. 10. (59125-59134).

    https://ieeexplore.ieee.org/document/9786831/

  • Babalau I, Corlatescu D, Grigorescu O, Sandescu C and Dascalu M. (2021). Severity Prediction of Software Vulnerabilities based on their Text Description 2021 23rd International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC). 10.1109/SYNASC54541.2021.00037. 978-1-6654-0650-5. (171-177).

    https://ieeexplore.ieee.org/document/9700266/

  • Shahid M and Debar H. (2021). CVSS-BERT: Explainable Natural Language Processing to Determine the Severity of a Computer Security Vulnerability from its Description 2021 20th IEEE International Conference on Machine Learning and Applications (ICMLA). 10.1109/ICMLA52953.2021.00256. 978-1-6654-4337-1. (1600-1607).

    https://ieeexplore.ieee.org/document/9680155/

  • Minh Le T, Hin D, Croft R and Ali Babar M. (2021). DeepCVA: Automated Commit-level Vulnerability Assessment with Deep Multi-task Learning 2021 36th IEEE/ACM International Conference on Automated Software Engineering (ASE). 10.1109/ASE51524.2021.9678622. 978-1-6654-0337-5. (717-729).

    https://ieeexplore.ieee.org/document/9678622/

  • Nowak M, Walkowski M and Sujecki S. (2021). Conversion of CVSS Base Score from 2.0 to 3.1 2021 International Conference on Software, Telecommunications and Computer Networks (SoftCOM). 10.23919/SoftCOM52868.2021.9559092. 978-953-290-109-2. (1-3).

    https://ieeexplore.ieee.org/document/9559092/

  • Nikonov A, Vulfin A, Vasilyev V, Kirillova A and Mikhailov V. (2021). System for Estimation CVSS Severity Metrics of Vulnerability Based on Text Mining Technology 2021 International Conference on Information Technology and Nanotechnology (ITNT). 10.1109/ITNT52450.2021.9649232. 978-1-6654-3217-7. (1-5).

    https://ieeexplore.ieee.org/document/9649232/

  • Kuehn P, Bayer M, Wendelborn M and Reuter C. OVANA: An Approach to Analyze and Improve the Information Quality of Vulnerability Databases. Proceedings of the 16th International Conference on Availability, Reliability and Security. (1-11).

    https://doi.org/10.1145/3465481.3465744

  • Boechat F, Ribas G, Senos L, Bicudo M, Nogueira M, Pfleger de Aguiar L and Menasche D. Is Vulnerability Report Confidence Redundant? Pitfalls Using Temporal Risk Scores. IEEE Security & Privacy. 10.1109/MSEC.2021.3070978. 19:4. (44-53).

    https://ieeexplore.ieee.org/document/9424216/

  • Nowak M, Walkowski M and Sujecki S. (2021). Machine Learning Algorithms for Conversion of CVSS Base Score from 2.0 to 3.x. Computational Science – ICCS 2021. 10.1007/978-3-030-77967-2_21. (255-269).

    https://link.springer.com/10.1007/978-3-030-77967-2_21

  • Mézešová T, Sokol P and Bajtoš T. (2020). Evaluation of Attackers’ Skill Levels in Multi-Stage Attacks. Information. 10.3390/info11110537. 11:11. (537).

    https://www.mdpi.com/2078-2489/11/11/537