{"id":"https://openalex.org/W4416061294","doi":"https://doi.org/10.48550/arxiv.2507.05794","title":"Automated Reasoning for Vulnerability Management by Design","display_name":"Automated Reasoning for Vulnerability Management by Design","publication_year":2025,"publication_date":"2025-07-08","ids":{"openalex":"https://openalex.org/W4416061294","doi":"https://doi.org/10.48550/arxiv.2507.05794"},"language":"en","primary_location":{"id":"pmh:oai:arXiv.org:2507.05794","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2507.05794","pdf_url":"https://arxiv.org/pdf/2507.05794","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"type":"preprint","indexed_in":["arxiv","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2507.05794","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5059251260","display_name":"Avi Shaked","orcid":"https://orcid.org/0000-0001-7976-1942"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Shaked, Avi","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5025878846","display_name":"Nan Messe","orcid":"https://orcid.org/0000-0002-3766-0710"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Messe, Nan","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5059251260"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.7889999747276306,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.7889999747276306,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T13295","display_name":"Safety Systems Engineering in Autonomy","score":0.04259999841451645,"subfield":{"id":"https://openalex.org/subfields/2213","display_name":"Safety, Risk, Reliability and Quality"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.04179999977350235,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.8720999956130981},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.8436999917030334},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.6503999829292297},{"id":"https://openalex.org/keywords/security-management","display_name":"Security management","score":0.4228000044822693},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.41679999232292175},{"id":"https://openalex.org/keywords/risk-management","display_name":"Risk management","score":0.38119998574256897},{"id":"https://openalex.org/keywords/mechanism","display_name":"Mechanism (biology)","score":0.3508000075817108}],"concepts":[{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.8720999956130981},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.8436999917030334},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6796000003814697},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.6503999829292297},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5224999785423279},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.5081999897956848},{"id":"https://openalex.org/C83163435","wikidata":"https://www.wikidata.org/wiki/Q3954104","display_name":"Security management","level":2,"score":0.4228000044822693},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.41679999232292175},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.38119998574256897},{"id":"https://openalex.org/C89611455","wikidata":"https://www.wikidata.org/wiki/Q6804646","display_name":"Mechanism (biology)","level":2,"score":0.3508000075817108},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.329800009727478},{"id":"https://openalex.org/C198783460","wikidata":"https://www.wikidata.org/wiki/Q629173","display_name":"Management system","level":2,"score":0.2955999970436096},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.2935999929904938},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.2793999910354614},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.2732999920845032},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.26750001311302185},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.26499998569488525},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.25870001316070557},{"id":"https://openalex.org/C12174686","wikidata":"https://www.wikidata.org/wiki/Q1058438","display_name":"Risk assessment","level":2,"score":0.25119999051094055}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:oai:arXiv.org:2507.05794","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2507.05794","pdf_url":"https://arxiv.org/pdf/2507.05794","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"doi:10.48550/arxiv.2507.05794","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2507.05794","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2507.05794","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2507.05794","pdf_url":"https://arxiv.org/pdf/2507.05794","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"For":[0],"securing":[1],"systems,":[2],"it":[3],"is":[4],"essential":[5],"to":[6,19,92,98],"manage":[7,49,114],"their":[8],"vulnerability":[9,32,42,105,115],"posture":[10],"and":[11,51,73,111],"design":[12,52,71],"appropriate":[13],"security":[14,26,53,70],"controls.":[15],"Vulnerability":[16],"management":[17,33],"allows":[18,89],"proactively":[20],"address":[21],"vulnerabilities":[22,50,94],"by":[23,82],"incorporating":[24],"pertinent":[25],"controls":[27],"into":[28,67],"systems":[29,45],"designs.":[30,46],"Current":[31],"approaches":[34],"do":[35],"not":[36],"support":[37],"systematic":[38],"reasoning":[39,61,87],"about":[40],"the":[41,65],"postures":[43],"of":[44],"To":[47],"effectively":[48],"controls,":[54,110],"we":[55],"propose":[56],"a":[57,99],"formally":[58],"grounded":[59],"automated":[60,86],"mechanism.":[62],"We":[63],"integrate":[64],"mechanism":[66,88],"an":[68,78],"open-source":[69],"tool":[72],"demonstrate":[74],"its":[75],"application":[76],"through":[77],"illustrative":[79],"example":[80],"driven":[81],"real-world":[83],"challenges.":[84],"The":[85],"system":[90,101],"designers":[91],"identify":[93],"that":[95],"are":[96],"applicable":[97],"specific":[100],"design,":[102],"explicitly":[103],"specify":[104],"mitigation":[106],"options,":[107],"declare":[108],"selected":[109],"thus":[112],"systematically":[113],"postures.":[116]},"counts_by_year":[],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-10-10T00:00:00"}