Differences

This shows you the differences between two versions of the page.

--- datasets [2015/08/26 18:50] – [Users] luca.allodi@unitn.it
+++ datasets [2021/01/29 10:58] (current) – external edit 127.0.0.1
@@ Line 18: / Line 18: @@
   * **IEV** lists the vulnerabilities for //Internet Explorer// extracted from the Microsoft Security Bulletin and integrated with the NVD to reconstruct affected versions.
   * **ASV** Vulnerabilities of the Safari Web Browser extracted from the Apple Knowledge Base and integrated with the NVD to reconstruct affected versions.
+  * **ESEJ** is the list of vulnerabilities in Google Chrome and Mozilla Firefox along with ranges of major versions affected by each vulnerability. For each vulnerability, the dataset contains two affected version ranges: (1) vulnerable versions according to the NVD (“version X and all previous versions”); (2) vulnerable versions based on the vulnerable code evidence (identified by our algorithm).
+  * **COMPR**ehension is a dataset collected in a series of controlled experiments on Model Comprehension for Security Risk Assessment.
+  * **Delta-Bench** collects revisions of Apache Tomcat 6.0 - 8.5 with security fixes of various CVEs.
 ==== How to Access the Data  ====
   - Write us at <security-dataREMOVESPAM@disi.unitn.it> to see if the data is what you actually want (the email alias will expand to the researchers who worked on the datasets);
   - Specify the initial purpose for which you would like to use the data (this will go in the formal licence and in the web page with your name attached to it);
-  - We will fill the licensing agreement {{:unitn_license_v2.6.pdf|}} with your data and the head of department (or a tenured full professor of department) should sign it;
+  - We will fill the licensing agreement {{:unitn_license_v4.0.pdf|(see uncompiled license)}} with your data and the head of department (or a tenured full professor of department) should sign it;
   - We will return the signed copy of the agreement and the excel file;
   - Report to us at <security-dataREMOVESPAM@disi.unitn.it> the publications based on the data which should be include the citation to our appropriate paper;
@@ Line 55: / Line 58: @@
     * Competence Center Security at DAI-Labor is a security research group, and in one of our current public-grant research projects, Auvegos, we develop a discrete-event simulation software for performing security analysis in network infrastructures, especially in the context of e-government. To this end, we generate or explicitly model of the domain networks to assess, and we associate the nodes in this network with CPE and CVE information. Based on this, we perform algorithmic computations (Attack Graph Generation, MDP-based risk assessment,...) and evaluate the effectiveness of potential mitigation strategies via simulation runs. The requested datasets would be used to generate input for the aforementioned simulation tool.
-. **MITRE**
+. **MITRE Corporation**
+    * Investigation on which CVEs are exploited by malicious exploit kits. [Scientist in charge: Aaron Powell]
+. **MIT Sloan School of Management (Massachusetts Institute of Technology) **
+    * Evaluation of security practice use in relation to how and when vulnerabilities are discovered and resolved in software development projects; evolution of the vulnerability discovery and resolution process over time in software development projects.[Scientists in charge: Stuart Madnick, Michael Siegel, James Houghton].
+. ** Pierre Trepagnier and James Riordan **
+  * Investigating the probability that a given vulnerability will be exploited as a function of (a) its CVSS base score as well as (b) other possible markers which are available at the time the vulnerability is first noted.
+. ** NCSU (North Carolina State University)**
+  * Evaluation of security practice use in relation to how and when vulnerabilities are discovered and resolved in software development projects; evolution of the vulnerability discovery and resolution process over time in so[Users] ftware development projects [Scientists in charge: Laurie Williams, Patrick Morrison, Rahul Pandita]
+. ** ECNU (East China Normal University) **
+  *   Research on building vulnerability prediction models and comparing the experimental results with previous studies conducted by DISI Security Research Group [Scientists in charge: Xiangxue Li, Liang He, Limin Yang]
+. ** GWU (George Washington University) **
+  * Dissertation research regarding vulnerability discovery modeling [Scientists in charge: Reuben Johnston, Thomas Mazzuchi].
+. ** IIIT-Delhi (Indraprastha Institute of Information Technology, Delhi) **
+  * Understanding and predicting vulnerabilities by leveraging online contents (Scientists in charge: Baani Leen Kaur Jolly, Tanmoy Chakraborty)
-    * MITRE is a non-profit organization that conducts research in the public interest.  We are conducting research on ways of making vulnerability management more efficient and effective and your work on the limitations of CVSS is important to understanding how best to improve vulnerability management prioritization. Among other things, we are particularly interested in taking advantage of the work you've already done to identify which CVEs are exploited by malicious exploit kits.