| datacite.subject.fos | Ciências Naturais::Ciências da Computação e da Informação | |
| dc.contributor.author | Brilhante, Maria de Fátima | |
| dc.contributor.author | Pestana, Pedro Duarte | |
| dc.contributor.author | Rocha, Maria Luísa | |
| dc.contributor.author | Sequeira, Fernando | |
| dc.contributor.editor | Henriques-Rodrigues, L. | |
| dc.contributor.editor | Menezes, R. | |
| dc.contributor.editor | Faria, S. | |
| dc.date.accessioned | 2026-01-08T15:16:21Z | |
| dc.date.available | 2026-01-08T15:16:21Z | |
| dc.date.issued | 2024 | |
| dc.description.abstract | Using the Kolmogorov–Smirnov, Cramér–von Mises and Anderson– Darling tests, and the not so commonly applied Vuong’s test, it is shown that a two components hyperlog-logistic distribution, i.e., a mixture of two geo-max-stable log-logistic distributions, provides a good fit for the time from disclosure to update of vulnerabilities sampled from the CVEdetails.com database. It is also shown that the hyperlog-logistic distribution provides a better fit than a heavy-tailed distribution of maxima, or a log-logistic distribution, or even a heavy-tailed two components hyperexponential distribution. Moreover, ways of incorporating uncertainty and of modeling vulnerabilities lifecycle into the Common Vulnerabilities Scoring System (CVSS), the most widely used score to assess severity of vulnerabilities, are discussed, in order to obtain an improved CVSS calculator and the evolution of a score over time. | eng |
| dc.identifier.citation | Fátima Brilhante, M., Pestana, P., Luísa Rocha, M., Sequeira, F. (2024). Risk Assessment of Vulnerabilities Exploitation. In: Henriques-Rodrigues, L., Menezes, R., Machado, L.M., Faria, S., de Carvalho, M. (eds) New Frontiers in Statistics and Data Science. Springer Proceedings in Mathematics & Statistics, vol 469. Springer, Cham. | |
| dc.identifier.doi | 10.1007/978-3-031-68949-9_6 | |
| dc.identifier.isbn | 978-3-031-68949-9 | |
| dc.identifier.uri | http://hdl.handle.net/10400.2/20710 | |
| dc.language.iso | eng | |
| dc.peerreviewed | yes | |
| dc.publisher | Springer | |
| dc.rights.uri | N/A | |
| dc.subject | Vulnerabilities | |
| dc.subject | Vulnerability Life-Cycle | |
| dc.subject | Heavy-Tailed Distributions | |
| dc.subject | Hyperlog-logistic Distribution | |
| dc.subject | CVSS Modifier | |
| dc.title | Risk assessment of vulnerabilities exploitation | eng |
| dc.type | book part | |
| dspace.entity.type | Publication | |
| oaire.citation.endPage | 82 | |
| oaire.citation.startPage | 70 | |
| oaire.citation.title | New Frontiers in Statistics and Data Science | |
| oaire.citation.volume | 469 | |
| oaire.version | http://purl.org/coar/version/c_970fb48d4fbd8a85 | |
| person.affiliation.name | Universidade Aberta | |
| person.familyName | Pestana | |
| person.givenName | Pedro Duarte | |
| person.identifier.ciencia-id | 2714-8A7B-5CCA | |
| person.identifier.orcid | 0000-0002-3406-1077 | |
| person.identifier.rid | E-7273-2016 | |
| person.identifier.scopus-author-id | 56074016300 | |
| relation.isAuthorOfPublication | 755592cd-7905-4c94-9eba-1bb83ce10355 | |
| relation.isAuthorOfPublication.latestForDiscovery | 755592cd-7905-4c94-9eba-1bb83ce10355 |
Files
Original bundle
1 - 1 of 1
No Thumbnail Available
- Name:
- Risk-Assessment-of-Vulnerabilities-Exploitation.pdf
- Size:
- 1.12 MB
- Format:
- Adobe Portable Document Format
License bundle
1 - 1 of 1
No Thumbnail Available
- Name:
- license.txt
- Size:
- 1.97 KB
- Format:
- Item-specific license agreed upon to submission
- Description: