{"id":"https://openalex.org/W4285296041","doi":"https://doi.org/10.1109/access.2022.3185069","title":"Automated Risk Management Based Software Security Vulnerabilities Management","display_name":"Automated Risk Management Based Software Security Vulnerabilities Management","publication_year":2022,"publication_date":"2022-01-01","ids":{"openalex":"https://openalex.org/W4285296041","doi":"https://doi.org/10.1109/access.2022.3185069"},"language":"en","primary_location":{"id":"doi:10.1109/access.2022.3185069","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2022.3185069","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/09802103.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/09802103.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5016770314","display_name":"Raghavendra Rao Althar","orcid":"https://orcid.org/0000-0001-5859-0662"},"institutions":[{"id":"https://openalex.org/I48018076","display_name":"Christ University","ror":"https://ror.org/022tv9y30","country_code":"IN","type":"education","lineage":["https://openalex.org/I48018076"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Raghavendra Rao Althar","raw_affiliation_strings":["Data Science Department, CHRIST University, Bangalore, Karnataka, India"],"raw_orcid":"https://orcid.org/0000-0001-5859-0662","affiliations":[{"raw_affiliation_string":"Data Science Department, CHRIST University, Bangalore, Karnataka, India","institution_ids":["https://openalex.org/I48018076"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5027099057","display_name":"Debabrata Samanta","orcid":"https://orcid.org/0000-0003-4118-2480"},"institutions":[{"id":"https://openalex.org/I48018076","display_name":"Christ University","ror":"https://ror.org/022tv9y30","country_code":"IN","type":"education","lineage":["https://openalex.org/I48018076"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Debabrata Samanta","raw_affiliation_strings":["Department of Computer Science, CHRIST University, Bangalore, Karnataka, India"],"raw_orcid":"https://orcid.org/0000-0003-4118-2480","affiliations":[{"raw_affiliation_string":"Department of Computer Science, CHRIST University, Bangalore, Karnataka, India","institution_ids":["https://openalex.org/I48018076"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101898959","display_name":"Manjit Kaur","orcid":"https://orcid.org/0000-0001-8804-9172"},"institutions":[{"id":"https://openalex.org/I39534123","display_name":"Gwangju Institute of Science and Technology","ror":"https://ror.org/024kbgz78","country_code":"KR","type":"education","lineage":["https://openalex.org/I39534123"]},{"id":"https://openalex.org/I4210139379","display_name":"First American (United States)","ror":"https://ror.org/03f69w292","country_code":"US","type":"company","lineage":["https://openalex.org/I4210139379"]}],"countries":["KR","US"],"is_corresponding":false,"raw_author_name":"Manjit Kaur","raw_affiliation_strings":["QMS, First American India Private Ltd., Bangalore, Karnataka, India","Gwangju Institute of Science and Technology, Gwangju, South Korea"],"raw_orcid":"https://orcid.org/0000-0001-8804-9172","affiliations":[{"raw_affiliation_string":"QMS, First American India Private Ltd., Bangalore, Karnataka, India","institution_ids":["https://openalex.org/I4210139379"]},{"raw_affiliation_string":"Gwangju Institute of Science and Technology, Gwangju, South Korea","institution_ids":["https://openalex.org/I39534123"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5013150230","display_name":"Dilbag Singh","orcid":"https://orcid.org/0000-0001-6475-4491"},"institutions":[{"id":"https://openalex.org/I39534123","display_name":"Gwangju Institute of Science and Technology","ror":"https://ror.org/024kbgz78","country_code":"KR","type":"education","lineage":["https://openalex.org/I39534123"]},{"id":"https://openalex.org/I4210139379","display_name":"First American (United States)","ror":"https://ror.org/03f69w292","country_code":"US","type":"company","lineage":["https://openalex.org/I4210139379"]}],"countries":["KR","US"],"is_corresponding":false,"raw_author_name":"Dilbag Singh","raw_affiliation_strings":["QMS, First American India Private Ltd., Bangalore, Karnataka, India","Gwangju Institute of Science and Technology, Gwangju, South Korea"],"raw_orcid":"https://orcid.org/0000-0001-6475-4491","affiliations":[{"raw_affiliation_string":"QMS, First American India Private Ltd., Bangalore, Karnataka, India","institution_ids":["https://openalex.org/I4210139379"]},{"raw_affiliation_string":"Gwangju Institute of Science and Technology, Gwangju, South Korea","institution_ids":["https://openalex.org/I39534123"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5034347136","display_name":"Heung-No Lee","orcid":"https://orcid.org/0000-0001-8528-5778"},"institutions":[{"id":"https://openalex.org/I39534123","display_name":"Gwangju Institute of Science and Technology","ror":"https://ror.org/024kbgz78","country_code":"KR","type":"education","lineage":["https://openalex.org/I39534123"]},{"id":"https://openalex.org/I4210139379","display_name":"First American (United States)","ror":"https://ror.org/03f69w292","country_code":"US","type":"company","lineage":["https://openalex.org/I4210139379"]}],"countries":["KR","US"],"is_corresponding":false,"raw_author_name":"Heung-No Lee","raw_affiliation_strings":["QMS, First American India Private Ltd., Bangalore, Karnataka, India","Gwangju Institute of Science and Technology, Gwangju, South Korea"],"raw_orcid":"https://orcid.org/0000-0001-8528-5778","affiliations":[{"raw_affiliation_string":"QMS, First American India Private Ltd., Bangalore, Karnataka, India","institution_ids":["https://openalex.org/I4210139379"]},{"raw_affiliation_string":"Gwangju Institute of Science and Technology, Gwangju, South Korea","institution_ids":["https://openalex.org/I39534123"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":7.9666,"has_fulltext":true,"cited_by_count":28,"citation_normalized_percentile":{"value":0.97476765,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":"10","issue":null,"first_page":"90597","last_page":"90608"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9954000115394592,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.995199978351593,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7253614664077759},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.5658489465713501},{"id":"https://openalex.org/keywords/risk-management","display_name":"Risk management","score":0.5262488722801208},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.5218088626861572},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5003199577331543},{"id":"https://openalex.org/keywords/security-management","display_name":"Security management","score":0.4758555591106415},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.44302380084991455},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.43477460741996765},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.3037463426589966},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.20671677589416504},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.17821693420410156},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.1482197642326355},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.1197839081287384}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7253614664077759},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.5658489465713501},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.5262488722801208},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.5218088626861572},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5003199577331543},{"id":"https://openalex.org/C83163435","wikidata":"https://www.wikidata.org/wiki/Q3954104","display_name":"Security management","level":2,"score":0.4758555591106415},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.44302380084991455},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.43477460741996765},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.3037463426589966},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.20671677589416504},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.17821693420410156},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.1482197642326355},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.1197839081287384},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C10138342","wikidata":"https://www.wikidata.org/wiki/Q43015","display_name":"Finance","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2022.3185069","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2022.3185069","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/09802103.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:a91a41311744420886ddf9deee4b833b","is_oa":true,"landing_page_url":"https://doaj.org/article/a91a41311744420886ddf9deee4b833b","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 10, Pp 90597-90608 (2022)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2022.3185069","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2022.3185069","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/09802103.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9","score":0.5099999904632568}],"awards":[{"id":"https://openalex.org/G1410614808","display_name":null,"funder_award_id":"NRF-2021R1A2B5B03002118","funder_id":"https://openalex.org/F4320322030","funder_display_name":"Ministry of Science, ICT and Future Planning"},{"id":"https://openalex.org/G8166863427","display_name":null,"funder_award_id":"NRF-2021R1A2B5B03002118","funder_id":"https://openalex.org/F4320322120","funder_display_name":"National Research Foundation of Korea"}],"funders":[{"id":"https://openalex.org/F4320320671","display_name":"National Research Foundation","ror":"https://ror.org/05s0g1g46"},{"id":"https://openalex.org/F4320322030","display_name":"Ministry of Science, ICT and Future Planning","ror":"https://ror.org/032e49973"},{"id":"https://openalex.org/F4320322120","display_name":"National Research Foundation of Korea","ror":"https://ror.org/013aysd81"},{"id":"https://openalex.org/F4320335489","display_name":"Institute for Information and Communications Technology Promotion","ror":"https://ror.org/01g0hqq23"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4285296041.pdf","grobid_xml":"https://content.openalex.org/works/W4285296041.grobid-xml"},"referenced_works_count":38,"referenced_works":["https://openalex.org/W110007310","https://openalex.org/W179367048","https://openalex.org/W875780076","https://openalex.org/W1497444954","https://openalex.org/W2062583373","https://openalex.org/W2112022457","https://openalex.org/W2223652430","https://openalex.org/W2278665942","https://openalex.org/W2298172707","https://openalex.org/W2612404666","https://openalex.org/W2619636279","https://openalex.org/W2768875238","https://openalex.org/W2828409123","https://openalex.org/W2906691034","https://openalex.org/W2943650850","https://openalex.org/W2982695958","https://openalex.org/W2984723610","https://openalex.org/W3000845437","https://openalex.org/W3003561099","https://openalex.org/W3006558576","https://openalex.org/W3043428550","https://openalex.org/W3090829429","https://openalex.org/W3090907514","https://openalex.org/W3129023747","https://openalex.org/W3139008799","https://openalex.org/W3170060955","https://openalex.org/W3197664106","https://openalex.org/W3199269774","https://openalex.org/W3200434061","https://openalex.org/W3204545786","https://openalex.org/W4200041731","https://openalex.org/W4206684145","https://openalex.org/W4241570161","https://openalex.org/W4243862372","https://openalex.org/W4250918782","https://openalex.org/W4254805562","https://openalex.org/W4285525754","https://openalex.org/W6864546407"],"related_works":["https://openalex.org/W2383958993","https://openalex.org/W3043810321","https://openalex.org/W2560421591","https://openalex.org/W2892115998","https://openalex.org/W2537414278","https://openalex.org/W2796094063","https://openalex.org/W2123075981","https://openalex.org/W1978034799","https://openalex.org/W2062583373","https://openalex.org/W4384518368"],"abstract_inverted_index":{"An":[0],"automated":[1],"risk":[2,273],"assessment":[3],"approach":[4,19,93,98,182],"is":[5,12,60,86,175,209,282],"explored":[6,77,158],"in":[7,27,61,136,269],"this":[8,82],"work.":[9],"The":[10,84,205,272],"focus":[11,85],"to":[13,20,51,87,151,178,225],"optimize":[14],"the":[15,28,62,89,101,105,124,144,189,212,227,231,248,253,261,277,283,291],"conventional":[16],"threat":[17,54,91,279],"modeling":[18,55,92,280],"explore":[21],"software":[22,29,65,111,125,145,166,190,249,270,292],"system":[23,268],"vulnerabilities.":[24],"Data":[25],"produced":[26],"development":[30,66,112,126,167],"processes":[31,67],"are":[32,76,108,223],"better":[33,96,155],"leveraged":[34,50,224],"using":[35],"Machine":[36],"Learning":[37],"approaches.":[38,56],"A":[39,192],"large":[40],"amount":[41],"of":[42,64,110,143,165,195,236,247],"industry":[43,221,232,237,254],"knowledge":[44,222],"around":[45],"security":[46,141,186,228,266],"vulnerabilities":[47],"can":[48],"be":[49,203],"enhance":[52,88],"current":[53],"Work":[57],"done":[58],"here":[59],"ecosystem":[63],"that":[68],"use":[69],"Agile":[70],"methodology.":[71],"Insurance":[72],"business":[73,207],"domain":[74,208],"data":[75,120,131,240,257],"as":[78],"a":[79,95,176,184,244],"target":[80],"for":[81,183,188,211,263],"study.":[83],"traditional":[90],"with":[94,140,276,297],"quantitative":[97,278],"and":[99,153,168,199,238,255,295],"reduce":[100],"biases":[102],"introduced":[103],"by":[104],"people":[106],"who":[107],"part":[109],"processes.":[113],"This":[114,147,234,286],"effort":[115],"will":[116,134,202,241],"help":[117,242],"bridge":[118],"multiple":[119],"sources":[121,132],"prevalent":[122],"across":[123],"ecosystem.":[127],"Bringing":[128],"these":[129],"various":[130],"together":[133],"assist":[135],"understanding":[137],"patterns":[138],"associated":[139],"aspects":[142],"systems.":[146,191],"perspective":[148],"further":[149],"helps":[150,258],"understand":[152],"devise":[154],"controls.":[156],"Approaches":[157],"so":[159],"far":[160],"have":[161],"considered":[162,210],"individual":[163],"areas":[164],"their":[169],"influence":[170],"on":[171],"improving":[172],"security.":[173,251],"There":[174],"need":[177],"build":[179],"an":[180,264],"integrated":[181,265],"total":[185],"solution":[187],"wide":[193],"variety":[194],"machine":[196],"learning":[197],"approaches":[198,201],"ensemble":[200],"explored.":[204],"insurance":[206],"research":[213],"here.":[214],"CWE":[215],"(Common":[216],"Weaknesses":[217],"Enumeration)":[218],"mapping":[219],"from":[220,230],"validate":[226],"needs":[229],"perspective.":[233],"combination":[235],"company":[239,256],"get":[243],"holistic":[245],"picture":[246],"system&#x2019;s":[250],"Combining":[252],"lay":[259],"down":[260],"path":[262],"management":[267,274],"development.":[271],"framework":[275],"process":[281],"work&#x2019;s":[284],"uniqueness.":[285],"work":[287],"contributes":[288],"towards":[289],"making":[290],"systems":[293],"secure":[294],"robust":[296],"time.":[298]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":9},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":9},{"year":2022,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}