The National Vulnerability Disclosure Database is an invaluable source of
information for security professionals and researchers. However, in some cases,
a vulnerability report is initially published with incomplete information, a
situation that complicates incident response and mitigation. In this paper, we
perform an empirical study of vulnerabilities that are initially submitted with
an incomplete report, and present key findings related to their frequency,
nature, and the time needed to update them. We further present a novel
ticketing process that is tailored to addressing the problems related to such
vulnerabilities and demonstrate the use of this system with a real-life use
case.
Related Stories
March 24, 2023