{"id":"https://openalex.org/W4410341841","doi":"https://doi.org/10.1109/icnc64010.2025.10994117","title":"A Product-Oriented Assessment of Vulnerability Severity Through NVD CVSS Scores","display_name":"A Product-Oriented Assessment of Vulnerability Severity Through NVD CVSS Scores","publication_year":2025,"publication_date":"2025-02-17","ids":{"openalex":"https://openalex.org/W4410341841","doi":"https://doi.org/10.1109/icnc64010.2025.10994117"},"language":"en","primary_location":{"id":"doi:10.1109/icnc64010.2025.10994117","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icnc64010.2025.10994117","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 International Conference on Computing, Networking and Communications (ICNC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5022133349","display_name":"Lucas Miranda","orcid":null},"institutions":[{"id":"https://openalex.org/I122140584","display_name":"Universidade Federal do Rio de Janeiro","ror":"https://ror.org/03490as77","country_code":"BR","type":"education","lineage":["https://openalex.org/I122140584"]}],"countries":["BR"],"is_corresponding":true,"raw_author_name":"Lucas Miranda","raw_affiliation_strings":["Federal Univ. of Rio de Janeiro,RJ,Brazil"],"affiliations":[{"raw_affiliation_string":"Federal Univ. of Rio de Janeiro,RJ,Brazil","institution_ids":["https://openalex.org/I122140584"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5070320187","display_name":"Lucas Senos","orcid":null},"institutions":[{"id":"https://openalex.org/I122140584","display_name":"Universidade Federal do Rio de Janeiro","ror":"https://ror.org/03490as77","country_code":"BR","type":"education","lineage":["https://openalex.org/I122140584"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Lucas Senos","raw_affiliation_strings":["Federal Univ. of Rio de Janeiro,RJ,Brazil"],"affiliations":[{"raw_affiliation_string":"Federal Univ. of Rio de Janeiro,RJ,Brazil","institution_ids":["https://openalex.org/I122140584"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034604991","display_name":"Daniel Sadoc Menasch\u00e9","orcid":"https://orcid.org/0000-0002-8953-4003"},"institutions":[{"id":"https://openalex.org/I122140584","display_name":"Universidade Federal do Rio de Janeiro","ror":"https://ror.org/03490as77","country_code":"BR","type":"education","lineage":["https://openalex.org/I122140584"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Daniel Menasch\u00e9","raw_affiliation_strings":["Federal Univ. of Rio de Janeiro,RJ,Brazil"],"affiliations":[{"raw_affiliation_string":"Federal Univ. of Rio de Janeiro,RJ,Brazil","institution_ids":["https://openalex.org/I122140584"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101960107","display_name":"Gaurav Srivastava","orcid":"https://orcid.org/0000-0003-3139-4439"},"institutions":[{"id":"https://openalex.org/I4210137693","display_name":"Siemens (United States)","ror":"https://ror.org/04axb7e79","country_code":"US","type":"company","lineage":["https://openalex.org/I1325886976","https://openalex.org/I4210137693"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Gaurav Srivastava","raw_affiliation_strings":["Siemens Corporate Technology,Princeton,NJ"],"affiliations":[{"raw_affiliation_string":"Siemens Corporate Technology,Princeton,NJ","institution_ids":["https://openalex.org/I4210137693"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052598260","display_name":"Anton Kocheturov","orcid":"https://orcid.org/0000-0003-2549-9146"},"institutions":[{"id":"https://openalex.org/I4210137693","display_name":"Siemens (United States)","ror":"https://ror.org/04axb7e79","country_code":"US","type":"company","lineage":["https://openalex.org/I1325886976","https://openalex.org/I4210137693"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Anton Kocheturov","raw_affiliation_strings":["Siemens Corporate Technology,Princeton,NJ"],"affiliations":[{"raw_affiliation_string":"Siemens Corporate Technology,Princeton,NJ","institution_ids":["https://openalex.org/I4210137693"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052990469","display_name":"Enrico Lovat","orcid":null},"institutions":[{"id":"https://openalex.org/I4210137693","display_name":"Siemens (United States)","ror":"https://ror.org/04axb7e79","country_code":"US","type":"company","lineage":["https://openalex.org/I1325886976","https://openalex.org/I4210137693"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Enrico Lovat","raw_affiliation_strings":["Siemens Corporate Technology,Princeton,NJ"],"affiliations":[{"raw_affiliation_string":"Siemens Corporate Technology,Princeton,NJ","institution_ids":["https://openalex.org/I4210137693"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5005248833","display_name":"Abhishek Ramchandran","orcid":"https://orcid.org/0009-0002-9228-1702"},"institutions":[{"id":"https://openalex.org/I4210137693","display_name":"Siemens (United States)","ror":"https://ror.org/04axb7e79","country_code":"US","type":"company","lineage":["https://openalex.org/I1325886976","https://openalex.org/I4210137693"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Abhishek Ramchandran","raw_affiliation_strings":["Siemens Corporate Technology,Princeton,NJ"],"affiliations":[{"raw_affiliation_string":"Siemens Corporate Technology,Princeton,NJ","institution_ids":["https://openalex.org/I4210137693"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5015868383","display_name":"Tobias Limmer","orcid":"https://orcid.org/0000-0001-8904-0620"},"institutions":[{"id":"https://openalex.org/I1325886976","display_name":"Siemens (Germany)","ror":"https://ror.org/059mq0909","country_code":"DE","type":"company","lineage":["https://openalex.org/I1325886976"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Tobias Limmer","raw_affiliation_strings":["Siemens AG,Munchen,Germany"],"affiliations":[{"raw_affiliation_string":"Siemens AG,Munchen,Germany","institution_ids":["https://openalex.org/I1325886976"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5022133349"],"corresponding_institution_ids":["https://openalex.org/I122140584"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.11328238,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"238","last_page":"242"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11357","display_name":"Risk and Safety Analysis","score":0.3605000078678131,"subfield":{"id":"https://openalex.org/subfields/1804","display_name":"Statistics, Probability and Uncertainty"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T11357","display_name":"Risk and Safety Analysis","score":0.3605000078678131,"subfield":{"id":"https://openalex.org/subfields/1804","display_name":"Statistics, Probability and Uncertainty"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6902055740356445},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.5637363791465759},{"id":"https://openalex.org/keywords/product","display_name":"Product (mathematics)","score":0.541581928730011},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5306783318519592},{"id":"https://openalex.org/keywords/medicine","display_name":"Medicine","score":0.2299301028251648},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.14466270804405212},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.09031108021736145}],"concepts":[{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6902055740356445},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.5637363791465759},{"id":"https://openalex.org/C90673727","wikidata":"https://www.wikidata.org/wiki/Q901718","display_name":"Product (mathematics)","level":2,"score":0.541581928730011},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5306783318519592},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.2299301028251648},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.14466270804405212},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.09031108021736145},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C27415008","wikidata":"https://www.wikidata.org/wiki/Q7256382","display_name":"Psychological intervention","level":2,"score":0.0},{"id":"https://openalex.org/C118552586","wikidata":"https://www.wikidata.org/wiki/Q7867","display_name":"Psychiatry","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icnc64010.2025.10994117","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icnc64010.2025.10994117","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 International Conference on Computing, Networking and Communications (ICNC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":19,"referenced_works":["https://openalex.org/W2294973055","https://openalex.org/W2767521898","https://openalex.org/W3000845437","https://openalex.org/W3080878745","https://openalex.org/W3214263053","https://openalex.org/W4225658316","https://openalex.org/W4226043105","https://openalex.org/W4285112458","https://openalex.org/W4375945058","https://openalex.org/W4384345694","https://openalex.org/W4391092698","https://openalex.org/W4393145380","https://openalex.org/W4399909337","https://openalex.org/W4399909403","https://openalex.org/W4402264535","https://openalex.org/W4405261839","https://openalex.org/W4405936785","https://openalex.org/W6766458556","https://openalex.org/W6875703726"],"related_works":["https://openalex.org/W1883246888","https://openalex.org/W2370114625","https://openalex.org/W1756374135","https://openalex.org/W2062873522","https://openalex.org/W2947584067","https://openalex.org/W2280562859","https://openalex.org/W230721595","https://openalex.org/W3157230915","https://openalex.org/W1496728123","https://openalex.org/W2789975780"],"abstract_inverted_index":{"Effective":[0],"vulnerability":[1,136,151],"assessment":[2],"is":[3],"critical":[4],"in":[5,12,91],"cybersecurity,":[6],"especially":[7,98],"for":[8,53,56,99,110,154],"prioritizing":[9],"risk":[10,112],"mitigation":[11],"complex":[13],"systems.":[14],"The":[15],"Common":[16,82],"Vulnerability":[17],"Scoring":[18],"System":[19],"(CVSS)":[20],"provides":[21,144],"a":[22,62,147],"standardized":[23],"method":[24],"to":[25,102,122,126,149],"evaluate":[26],"the":[27,35,74,117,131],"severity":[28],"of":[29,65,119,135],"vulnerabilities,":[30],"but":[31],"public":[32],"repositories":[33],"like":[34],"NVD":[36],"often":[37,106],"lack":[38],"direct":[39],"mappings":[40],"between":[41,76],"CVSS":[42,68,93,124],"scores":[43,69,94,125],"and":[44,81,129,133,159],"specific":[45,96,127],"affected":[46],"products.":[47],"This":[48,59],"gap":[49],"complicates":[50],"practical":[51],"decision-making":[52],"stakeholders":[54],"responsible":[55],"remediation":[57],"efforts.":[58],"paper":[60],"presents":[61],"detailed":[63],"analysis":[64],"how":[66],"product-specific":[67],"are":[70],"assigned,":[71],"focusing":[72],"on":[73],"interplay":[75],"CVE":[77],"Numbering":[78],"Authorities":[79],"(CNAs)":[80],"Platform":[83],"Enumeration":[84],"(CPE)":[85],"vendors.":[86],"We":[87],"identify":[88],"key":[89],"challenges":[90],"aligning":[92],"with":[95,146,156],"products,":[97],"applications":[100],"linked":[101],"multiple":[103],"vendors,":[104],"which":[105],"require":[107],"additional":[108],"context":[109],"accurate":[111],"prioritization.":[113],"These":[114],"insights":[115],"support":[116],"creation":[118],"automated":[120],"tools":[121],"link":[123],"products":[128,155],"improve":[130],"transparency":[132],"consistency":[134],"assessments.":[137],"By":[138],"addressing":[139],"these":[140],"gaps,":[141],"this":[142],"work":[143],"practitioners":[145],"framework":[148],"enhance":[150],"prioritization,":[152],"particularly":[153],"diverse":[157],"configurations":[158],"use":[160],"cases.":[161]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}