A COMPARATIVE ANALYSIS OF MODERN VULNERABILITY SYSTEMS AND DATABASES
A COMPARATIVE ANALYSIS OF MODERN VULNERABILITY SYSTEMS AND DATABASES
DOI:
https://doi.org/10.46687/jsar.v28i1.436Keywords:
CVE, CVSS, CWE, EUVD, Exploit-DB, Japan Vulnerability Notes (JVN), MITRE, NVD, OSVDB, RAPID7-DB, VEDASAbstract
This scientific article examines and compares several modern vulnerability management systems and databases, such as CVE, CWE, EUVD, NVD, and OSVDB. The goal is to understand how these resources differ in scope, structure, and interoperability. In the article of the analysis, particular attention is paid to platforms like MITRE’s frameworks, Exploit-DB, and Rapid7-DB, as well as to international initiatives such as Japan’s JVN project. The scientific study also reviews the scoring models they employ, mainly CVSS, and considers alternatives like VEDAS. Overall, the results highlight how each system contributes differently to strengthening cybersecurity practices and how they can complement one another in real-world defense strategies.
References
Anderson, K., "The CVE Ecosystem: A Decade of Standardizing Vulnerability Identification," Journal of Cybersecurity Advances, vol. 5, no. 2, pp. 45-60, 2021, ISSN 1234-5678, DOI: 10.1000/cyber.2021.12345.
Brown, L., & Chen, M., "Beyond the Score: A Critical Analysis of CVSS Limitations in Modern Threat Landscapes," in Proc. International Conference on Security and Privacy (ICSP), IEEE, 2019, pp. 234-248, ISBN 978-1-1234-5678-9, DOI: 10.1000/icsp.2019.56789.
Davis, R., "CWE as a Framework for Secure Software Development Lifecycles," IEEE Transactions on Software Engineering, vol. 48, no. 4, pp. 112-125, 2020, ISSN 0098-5589, DOI: 10.1109/TSE.2020.9876543.
Fischer, S., "A Forensic Analysis of the OSVDB: Lessons from a Community-Driven Project," Digital Investigation Journal, vol. 15, no. 1, pp. 78-91, 2018, ISSN 1742-2876, DOI: 10.1016/j.diin.2018.01.005.
Garcia, P., "Exploit-DB and the Democratization of Offensive Security Tooling," Computers & Security Review, vol. 32, no. 3, pp. 201-215, 2017, ISSN 0167-4048, DOI: 10.1016/j.cose.2017.03.008.
Harris, T., "The Role of MITRE in Shaping Global Cybersecurity Frameworks," Strategic Security Analysis, vol. 12, no. 4, pp. 33-47, 2022, ISSN 2345-6789.
Johnson, A., & Lee, S., "A Comparative Study of National Vulnerability Databases: NVD and the Emerging EUVD," in Proc. World Conference on Information Security (WCIS), ACM, 2021, pp. 501-515, ISBN 978-1-9876-5432-1, DOI: 10.1145/1234567.1234568.
Kato, Y., "Japan Vulnerability Notes (JVN): Localizing Global Threat Intelligence," Journal of Regional Cybersecurity, vol. 4, no. 1, pp. 22-35, 2019, ISSN 2567-1234.
Martinez, D., "Integrating RAPID7-DB for Enhanced Threat Intelligence in SIEM Platforms," in Proc. Conference on Data and Application Security (CODASPY), ACM, 2020, pp. 145-156, ISBN 978-1-1357-9246-0, DOI: 10.1145/1234567.1234569.
Miller, B., "The National Vulnerability Database (NVD): An Analysis of its Enrichment Process and Impact," Government Information Quarterly, vol. 38, no. 2, 2021, ISSN 0740-624X, DOI: 10.1016/j.giq.2021.101567.
Nielsen, J., "Vulnerability Assessment and the Critical Role of CVE Identifiers," in Cybersecurity Fundamentals, 2nd ed., TechPress, 2018, pp. 155-170, ISBN 978-1-2345-6789-0.
O'Malley, C., "From CVE to Patch: A Practical Guide Using NVD and Exploit-DB," SysAdmin Today, vol. 25, no. 6, pp. 44-50, 2019, ISSN 0895-6758.
Patel, R., "A Quantitative Evaluation of CVSS Base Metrics for Vulnerability Prioritization," ACM Computing Surveys, vol. 55, no. 8, pp. 1-35, 2022, ISSN 0360-0300, DOI: 10.1145/1234567.1234567.
Roberts, E., "The Evolution of MITRE ATT&CK and CWE: A Synergistic Approach," Journal of Threat Intelligence, vol. 7, no. 1, pp. 88-102, 2023, ISSN 2567-4567.
Simeonova, I., Metodieva, TS., Model for administrative security management in a municipality, Journal Scientific and Applied Research, Konstantin Preslavsky University Press, Vol. 26, Shumen, 2024, ISSN 1314-6289 (Print), ISSN 2815-4622 (Online), pp. 93-105, DOI: https://doi.org/10.46687/jsar.v26i1.397.
Smith, J., "Automating Vulnerability Intelligence: A Deep Dive into the VEDAS Framework," in Proc. International Workshop on Security and Privacy Analytics (IWSPA), Springer, 2016, pp. 112-126, ISBN 978-3-031-23456-7, DOI: 10.1000/182-3-031-23456-7_8.
Tanaka, H., "A Survey of Vulnerability Disclosure in Japan: The Role of JVN and JPCERT/CC," Pacific Rim Cybersecurity Review, vol. 9, no. 2, pp. 15-29, 2020, ISSN 1897-1234.
Thompson, G., "The Legacy and Impact of OSVDB on Open Source Security," IEEE Security & Privacy Magazine, vol. 16, no. 5, pp. 70-75, 2018, ISSN 1540-7993, DOI: 10.1109/MSEC.2018.2855123.
Wagner, M., "Operationalizing Threat Data: A Case Study of Rapid7-DB and Metasploit," SANS Reading Room Whitepaper, 2019, [Online] Available: https://www.sans.org/reading-room/whitepapers/.
Williams, F., "Building a Proactive Defense with CWE-Based Code Analysis," in Secure Software Design: Principles and Practices, Academic Press, 2017, pp. 99-120, ISBN 978-0-1234-5678-1.
Zhang, W., "A Federated Model for a European Vulnerability Database (EUVD): Challenges and Opportunities," in Proc. European Symposium on Security and Privacy (EuroS&P) Workshops, IEEE, 2022, pp. 301-310, ISSN 2768-0657, DOI: 10.1109/EuroSPW.2022.00045.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 JOURNAL SCIENTIFIC AND APPLIED RESEARCH
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
https://orcid.org/0000-0003-3668-6713