The National Vulnerability Disclosure Database is an invaluable source of information for security professionals and researchers. However, in some cases, a vulnerability report is initially published with incomplete information, a situation that complicates incident response and mitigation. In this paper, we perform an empirical study of vulnerabilities that are initially submitted with an incomplete report, and present key findings related to their frequency, nature, and the time needed to update them. We further present a novel ticketing process that is tailored to addressing the problems related to such vulnerabilities and demonstrate the use of this system with a real-life use case.