Abstract

Vulnerability databases are vital sources of information on emergent software security concerns. How reliable and accurate are these databases, though? This paper explores this question through the National Vulnerability Database (NVD), the U.S. government's vulnerability repository, which arguably serves as the industry standard. Our investigations uncover data inconsistency or incompleteness in the NVD that can impact its practical usage by affecting information such as vulnerability publication dates, affected vendor and product names, severity scores, and vulnerability type fields. Preliminary results suggest shifting trends and unveil common mistakes; we offer suggestions and strategies for avoiding them.
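As an added illustration (not code from the paper), the following audit flags the kinds of record-level inconsistencies the abstract names over constructed, simplified NVD-style records; the field names and sample CVE IDs are placeholders rather than the exact NVD feed schema, and the vendor/CPE comparison is a normalisation heuristic.

```python
"""Consistency checks over constructed, simplified NVD-style records.

Added example: flags date ordering problems, missing or generic vulnerability
type (CWE), severity labels that disagree with the CVSS score, and vendor
names that do not match the CPE. Field names are a simplified stand-in for
the NVD JSON feed (assumption), not its exact schema.
"""
from datetime import datetime

# CVSS v3.x qualitative severity ranges (FIRST specification).
SEVERITY_BANDS = [(0.0, 0.0, "NONE"), (0.1, 3.9, "LOW"), (4.0, 6.9, "MEDIUM"),
                  (7.0, 8.9, "HIGH"), (9.0, 10.0, "CRITICAL")]
# Placeholder CWE values NVD uses when no specific weakness is assigned.
INCOMPLETE_CWE = {"NVD-CWE-noinfo", "NVD-CWE-Other", ""}

def expected_severity(score):
    """Severity label the CVSS v3 score implies; None if score is out of range."""
    for lo, hi, label in SEVERITY_BANDS:
        if lo <= score <= hi:
            return label
    return None

def check_record(rec):
    """Return a list of human-readable inconsistency findings for one record."""
    findings = []
    pub = datetime.fromisoformat(rec["published"])
    mod = datetime.fromisoformat(rec["last_modified"])
    if mod < pub:
        findings.append("last_modified precedes published")
    if rec.get("cwe", "") in INCOMPLETE_CWE:
        findings.append("vulnerability type missing or generic CWE")
    score, label = rec.get("cvss_score"), rec.get("cvss_severity")
    if score is not None and expected_severity(score) != label:
        findings.append(f"severity {label} does not match score {score}")
    # Heuristic: vendor should equal the CPE vendor after case/space normalisation.
    vendor = rec["vendor"].strip().lower().replace(" ", "_")
    cpe_vendor = rec["cpe"].split(":")[3]
    if vendor != cpe_vendor:
        findings.append(f"vendor {rec['vendor']!r} vs CPE vendor {cpe_vendor!r}")
    return findings

# Constructed sample records; IDs are placeholders, not real CVEs.
SAMPLE = [
    {"id": "CVE-0000-0001", "published": "2019-03-01", "last_modified": "2019-03-05",
     "cwe": "CWE-79", "cvss_score": 6.1, "cvss_severity": "MEDIUM",
     "vendor": "examplecorp", "cpe": "cpe:2.3:a:examplecorp:widget:1.0:*:*:*:*:*:*:*"},
    {"id": "CVE-0000-0002", "published": "2019-03-10", "last_modified": "2019-03-01",
     "cwe": "NVD-CWE-noinfo", "cvss_score": 9.8, "cvss_severity": "HIGH",
     "vendor": "Example Corp", "cpe": "cpe:2.3:a:examplecorp:widget:1.0:*:*:*:*:*:*:*"},
]

def audit(records):
    """Map record id -> findings, keeping only records with at least one finding."""
    results = {r["id"]: check_record(r) for r in records}
    return {cve: issues for cve, issues in results.items() if issues}

if __name__ == "__main__":
    for cve, issues in audit(SAMPLE).items():
        print(cve, issues)
```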
