Feature Models to boost the Vulnerability Management Process





Publicado en

Actas de las XXVII Jornadas de Ingeniería del Software y Bases de Datos (JISBD 2023)

Licencia Creative Commons


Vulnerability management is a critical and very challenging process that allows organisations to design a procedure to identify potential vulnerabilities, assess the level of risk, and define remediation mechanisms to address threats. Thus, the large number of configuration options in systems makes it extremely difficult to identify which configurations are affected by vulnerabilities and even assess how systems may be affected. There are several repositories to store information on systems, software vulnerabilities, and exploits. However, they are largely scattered, offer different formats and information, and their use has limitations, complicating vulnerability management automation. For this reason, we introduce a discussion concerning modelling in vulnerability management and the proposal of feature models as a means to collect the variability of software and system configurations to facilitate the vulnerability management process. This paper presents AMADEUS-Exploit, a feature model-based solution that provides query and reasoning mechanisms that make it easier for vulnerability management experts. The power of AMADEUS-Exploit is shown and evaluated in three different ways: first, the solution is compared with other vulnerability management tools; second, the solution is faced with another in a complex scenario with 4,000 vulnerabilities and 700 exploits; and finally, our solution was used in a real project demonstrating the usability of reasoning operations to determine potential vulnerabilities.


Acerca de Varela Vaca, Angel Jesus

Palabras clave

Cybersecurity, Feature Model, Vulnerability, Exploit, Reasoning, Vulnerable Management Process
Página completa del ítem
Notificar un error en este resumen
Mostrar cita
Mostrar cita en BibTeX
Descargar cita en BibTeX