2019-10-25: Summary of "Proactive Identification of Exploits in the Wild Through Vulnerability Mentions Online"
Figure 1: Disclosed Vulnerabilities by Year (Source: CVE Details)

The number of software vulnerabilities discovered and disclosed to the public is steadily increasing every year. As shown in Figure 1, in 2018 alone, more than 16,000 Common Vulnerabilities and Exposures (CVE) identifiers were assigned by various CVE Numbering Authorities (CNA). CNAs are organizations from around the world that are authorized to assign CVE IDs to vulnerabilities affecting products within their distinct, agreed-upon scope. In the presence of voluminous amounts of data and limited skilled cyber security resources, organizations are challenged to identify the vulnerabilities that pose the greatest risk to their technology resources. One of the key reasons the current approaches to cyber vulnerability remediation are ineffective is that organizations cannot effectively determine whether a given vulnerability poses a meaningful threat. In their paper, "Proactive Identifica...