Abstract

Firms and organizations are increasingly facing security issues related to vulnerabilities in their information systems. Firms, especially small and medium-sized enterprises, usually have very limited security resources and thus have difficulty understanding vulnerabilities and fixing them accordingly. This study aims to build a general framework that can help firms understand the characteristics of vulnerabilities in information systems: for instance, what category a specific vulnerability belongs to, what potential risks it poses, and what the key clues are to addressing it. To this end, we collect data on real vulnerabilities that have emerged in firms’ information systems from a popular vulnerability report platform. Features are extracted at four different levels, namely, the word, phrase, topic, and record levels. The experimental results show that the general framework helps characterize the modes and patterns of various types of vulnerabilities. This study contributes to the security literature by providing a deeper understanding of the characteristics of vulnerabilities and their related suggested solutions. Firms can apply this framework to ensure information security.
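As an added illustration of the word-level and phrase-level features the abstract describes, the following naive Bayes classifier assigns short vulnerability reports to categories. This is example code written for this page, not the paper's framework or data; the sample reports, the category names, and the use of adjacent-word bigrams as "phrases" are assumptions.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed training reports (not from the paper's dataset), labelled by category.
TRAIN = [
    ("sql injection in login form allows reading user table via crafted parameter", "injection"),
    ("union based sql injection in search endpoint exposes database contents", "injection"),
    ("reflected xss in search page executes script in victim browser", "xss"),
    ("stored cross site scripting in comment field runs attacker script", "xss"),
    ("directory traversal in file download reads arbitrary files on server", "traversal"),
    ("path traversal via filename parameter allows reading configuration files", "traversal"),
]


def features(text, level="phrase"):
    """Word level: unigrams only. Phrase level: unigrams plus adjacent-word bigrams."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    feats = list(words)
    if level == "phrase":
        feats += [a + "_" + b for a, b in zip(words, words[1:])]
    return feats


class VulnClassifier:
    """Multinomial naive Bayes with Laplace smoothing over the chosen feature level."""

    def __init__(self, level="phrase"):
        self.level = level
        self.class_counts = Counter()          # reports per category
        self.feat_counts = defaultdict(Counter)  # feature counts per category
        self.vocab = set()

    def fit(self, records):
        for text, label in records:
            self.class_counts[label] += 1
            for f in features(text, self.level):
                self.feat_counts[label][f] += 1
                self.vocab.add(f)
        return self

    def predict(self, text):
        total = sum(self.class_counts.values())
        best, best_lp = None, -math.inf
        for label, n in self.class_counts.items():
            lp = math.log(n / total)  # class prior
            denom = sum(self.feat_counts[label].values()) + len(self.vocab)
            for f in features(text, self.level):
                lp += math.log((self.feat_counts[label][f] + 1) / denom)
            if lp > best_lp:
                best, best_lp = label, lp
        return best
```

Unseen features are smoothed rather than dropped, so a report whose wording overlaps several categories is scored by the weight of matching words and phrases rather than by a single keyword.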

Highlights

  • A vulnerability is typically a flaw in the source code, a defect, or even a logic error in the design of software or information systems, which may lead to potentially compromised security for an endpoint or network [1]

  • We propose a general framework integrating the following functionalities: (1) automatic classification of vulnerabilities into the right categories; (2) automatic prediction of the risk levels of different types of vulnerabilities; and (3) automatic identification of solutions to vulnerabilities in software and information systems

  • We built a general framework that can automatically categorize vulnerabilities, analyze their risk levels, and deeply evaluate the key topics related to each vulnerability category and the associated solutions


Summary

Introduction

A vulnerability is typically a flaw in the source code, a defect, or even a logic error in the design of software or information systems, which may lead to potentially compromised security for an endpoint or network [1]. Vulnerabilities might be exploited by hackers, leading to unauthorized access to information systems, theft of important data, or even destruction of the entire system. A security failure in one of these information systems could lead to huge losses for firms. It is reported that over 60% of online banks have a poor or extremely poor level of protection. Vulnerabilities are being reported in increasing numbers.

