ISSN: 2582-8266 (Online) || ISSN Approved Journal || Google Scholar Indexed || Impact Factor: 9.48 || Crossref DOI
Limitations of modern vulnerability scanners and CVE Systems
1 Chief Technology Officer at CQR Cybersecurity.
2 Senior Penetration Tester.
Review
World Journal of Advanced Engineering Technology and Sciences, 2024, 12(02), 973-989.
Article DOI: 10.30574/wjaets.2024.12.2.0348
Publication history:
Received on 20 June 2024; revised on 27 July 2024; accepted on 29 July 2024
Abstract:
The identification of vulnerabilities in dealing with potential attacks can only be effective for the cybersecurity landscape if it is accurate and in a timely manner. The Common Vulnerabilities and Exposures (CVE) system, that is, the system owned by the National Institute of Standards and Technology (NIST), is an anchor for the identification and tracking of vulnerabilities on a global scale. Modern vulnerability scanners, though that are based on CVE data, have many drawbacks because of inconsistencies and incompleteness of the CVE reporting formats, namely, NIST University format. This research takes a critical look at such limitations mentioned above, identifying challenging areas such as non-standardized data, false positives and negatives, and trivial CVE assignments that diminish scanner effectiveness. The study compares several tools for vulnerability assessment and examines current mechanisms for real-time CVE tracking in the light of numerous recommendations to improve standardization and cooperation for the increased usefulness and accuracy of vulnerability detection in the course of academic research and real-world cybersecurity operations.
Keywords:
Vulnerability scanners; CVE system; Data standardization; Real-time tracking; Vulnerability detection; Scanner interoperability
Full text article in PDF:
Copyright information:
Copyright © 2024 Author(s) retain the copyright of this article. This article is published under the terms of the Creative Commons Attribution Liscense 4.0