{"id":"https://openalex.org/W4392996195","doi":"https://doi.org/10.1145/3648610","title":"A Survey on Software Vulnerability Exploitability Assessment","display_name":"A Survey on Software Vulnerability Exploitability Assessment","publication_year":2024,"publication_date":"2024-03-20","ids":{"openalex":"https://openalex.org/W4392996195","doi":"https://doi.org/10.1145/3648610"},"language":"en","primary_location":{"id":"doi:10.1145/3648610","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3648610","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3648610","source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"},"type":"review","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"bronze","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3648610","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5082701913","display_name":"Sarah Elder","orcid":"https://orcid.org/0000-0002-5881-4619"},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Sarah Elder","raw_affiliation_strings":["North Carolina State University, Raleigh, USA"],"raw_orcid":"https://orcid.org/0000-0002-5881-4619","affiliations":[{"raw_affiliation_string":"North Carolina State University, Raleigh, USA","institution_ids":["https://openalex.org/I137902535"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101684353","display_name":"Md Rayhanur Rahman","orcid":"https://orcid.org/0000-0003-4980-7350"},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Md Rayhanur Rahman","raw_affiliation_strings":["North Carolina State University, Raleigh, USA"],"raw_orcid":"https://orcid.org/0000-0003-4980-7350","affiliations":[{"raw_affiliation_string":"North Carolina State University, Raleigh, USA","institution_ids":["https://openalex.org/I137902535"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5094201052","display_name":"Gage Fringer","orcid":null},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Gage Fringer","raw_affiliation_strings":["North Carolina State University, Raleigh, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"North Carolina State University, Raleigh, USA","institution_ids":["https://openalex.org/I137902535"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5054967207","display_name":"Kunal Kapoor","orcid":"https://orcid.org/0009-0008-8369-4293"},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kunal Kapoor","raw_affiliation_strings":["North Carolina State University, Raleigh, USA"],"raw_orcid":"https://orcid.org/0009-0008-8369-4293","affiliations":[{"raw_affiliation_string":"North Carolina State University, Raleigh, USA","institution_ids":["https://openalex.org/I137902535"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5028171895","display_name":"Laurie Williams","orcid":"https://orcid.org/0000-0003-3300-6540"},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Laurie Williams","raw_affiliation_strings":["North Carolina State University, Raleigh, USA"],"raw_orcid":"https://orcid.org/0000-0003-3300-6540","affiliations":[{"raw_affiliation_string":"North Carolina State University, Raleigh, USA","institution_ids":["https://openalex.org/I137902535"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5082701913"],"corresponding_institution_ids":["https://openalex.org/I137902535"],"apc_list":null,"apc_paid":null,"fwci":10.2373,"has_fulltext":true,"cited_by_count":23,"citation_normalized_percentile":{"value":0.98571724,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":100},"biblio":{"volume":"56","issue":"8","first_page":"1","last_page":"41"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8754339218139648},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.788133978843689},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.7116906642913818},{"id":"https://openalex.org/keywords/probabilistic-logic","display_name":"Probabilistic logic","score":0.6180393695831299},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5020339488983154},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.4022148549556732},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.33875399827957153},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.334434449672699},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3334633708000183}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8754339218139648},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.788133978843689},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.7116906642913818},{"id":"https://openalex.org/C49937458","wikidata":"https://www.wikidata.org/wiki/Q2599292","display_name":"Probabilistic logic","level":2,"score":0.6180393695831299},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5020339488983154},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.4022148549556732},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.33875399827957153},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.334434449672699},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3334633708000183},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3648610","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3648610","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3648610","source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3648610","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3648610","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3648610","source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G6899951267","display_name":null,"funder_award_id":"1909516","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4392996195.pdf","grobid_xml":"https://content.openalex.org/works/W4392996195.grobid-xml"},"referenced_works_count":100,"referenced_works":["https://openalex.org/W4214443","https://openalex.org/W150078352","https://openalex.org/W199832099","https://openalex.org/W384698140","https://openalex.org/W855528594","https://openalex.org/W1506734376","https://openalex.org/W1603939896","https://openalex.org/W1633140981","https://openalex.org/W1971733255","https://openalex.org/W1985324839","https://openalex.org/W1999265552","https://openalex.org/W2002750511","https://openalex.org/W2004584049","https://openalex.org/W2044625105","https://openalex.org/W2051990174","https://openalex.org/W2057698738","https://openalex.org/W2069910799","https://openalex.org/W2077937403","https://openalex.org/W2098820313","https://openalex.org/W2108246235","https://openalex.org/W2108629901","https://openalex.org/W2113864883","https://openalex.org/W2115095269","https://openalex.org/W2135200607","https://openalex.org/W2137549954","https://openalex.org/W2148156428","https://openalex.org/W2161911917","https://openalex.org/W2162142914","https://openalex.org/W2164777277","https://openalex.org/W2230304269","https://openalex.org/W2296488620","https://openalex.org/W2297096600","https://openalex.org/W2484035097","https://openalex.org/W2486009918","https://openalex.org/W2514974017","https://openalex.org/W2534610146","https://openalex.org/W2564147261","https://openalex.org/W2565077509","https://openalex.org/W2570094557","https://openalex.org/W2588932942","https://openalex.org/W2603292144","https://openalex.org/W2610800826","https://openalex.org/W2612764117","https://openalex.org/W2740643205","https://openalex.org/W2765857833","https://openalex.org/W2765999687","https://openalex.org/W2767925973","https://openalex.org/W2774398706","https://openalex.org/W2775532270","https://openalex.org/W2780532113","https://openalex.org/W2785836523","https://openalex.org/W2790986693","https://openalex.org/W2793427727","https://openalex.org/W2794283311","https://openalex.org/W2808249021","https://openalex.org/W2888865233","https://openalex.org/W2890264517","https://openalex.org/W2897668282","https://openalex.org/W2899922619","https://openalex.org/W2902040535","https://openalex.org/W2906631928","https://openalex.org/W2914724518","https://openalex.org/W2914982603","https://openalex.org/W2944946729","https://openalex.org/W2953482317","https://openalex.org/W2955221586","https://openalex.org/W2963321189","https://openalex.org/W2963926786","https://openalex.org/W2964080672","https://openalex.org/W2982413960","https://openalex.org/W2983519477","https://openalex.org/W2984993098","https://openalex.org/W2985831349","https://openalex.org/W3000845437","https://openalex.org/W3002169893","https://openalex.org/W3015316038","https://openalex.org/W3015380456","https://openalex.org/W3040158574","https://openalex.org/W3041936634","https://openalex.org/W3048335302","https://openalex.org/W3080878745","https://openalex.org/W3084558590","https://openalex.org/W3088767213","https://openalex.org/W3102673518","https://openalex.org/W3102727295","https://openalex.org/W3110850697","https://openalex.org/W3116888547","https://openalex.org/W3168270921","https://openalex.org/W3175201754","https://openalex.org/W3175545355","https://openalex.org/W3184339106","https://openalex.org/W3196518598","https://openalex.org/W4200405839","https://openalex.org/W4211007328","https://openalex.org/W4285231117","https://openalex.org/W4285490369","https://openalex.org/W4287073343","https://openalex.org/W4308643127","https://openalex.org/W4312793626","https://openalex.org/W4384948700"],"related_works":["https://openalex.org/W1883246888","https://openalex.org/W2370114625","https://openalex.org/W1756374135","https://openalex.org/W2062873522","https://openalex.org/W2947584067","https://openalex.org/W2280562859","https://openalex.org/W230721595","https://openalex.org/W3157230915","https://openalex.org/W1496728123","https://openalex.org/W2789975780"],"abstract_inverted_index":{"Knowing":[0],"the":[1,74,80],"exploitability":[2,21,42,47,53],"and":[3,17,33,68,90],"severity":[4],"of":[5,26,46],"software":[6],"vulnerabilities":[7],"helps":[8],"practitioners":[9,32],"prioritize":[10],"vulnerability":[11,41],"mitigation":[12],"efforts.":[13],"Researchers":[14],"have":[15],"proposed":[16],"evaluated":[18],"many":[19],"different":[20],"assessment":[22,48,54],"methods.":[23],"The":[24],"goal":[25],"this":[27],"research":[28],"is":[29],"to":[30],"assist":[31],"researchers":[34],"in":[35],"understanding":[36],"existing":[37],"methods":[38],"for":[39],"assessing":[40],"through":[43],"a":[44],"survey":[45],"literature.":[49],"We":[50],"identify":[51],"three":[52],"approaches:":[55],"assessments":[56],"based":[57],"on":[58],"original,":[59],"manual":[60],"Common":[61,76],"Vulnerability":[62,77],"Scoring":[63,78],"System,":[64,79],"automated":[65,69],"Deterministic":[66],"assessments,":[67],"Probabilistic":[70,91],"assessments.":[71,94],"Other":[72],"than":[73],"original":[75],"two":[81],"most":[82],"common":[83],"sub-categories":[84],"are":[85],"Deterministic,":[86],"Program":[87],"State":[88],"based,":[89],"learning":[92],"model":[93]},"counts_by_year":[{"year":2026,"cited_by_count":4},{"year":2025,"cited_by_count":15},{"year":2024,"cited_by_count":4}],"updated_date":"2026-05-21T09:19:25.381259","created_date":"2025-10-10T00:00:00"}