An Exploratory Study into Vulnerability Chaining Blindness Terminology and Viability
Nikki Robinson

TL;DR
This study introduces the concept of vulnerability chaining blindness to describe the difficulty cybersecurity professionals face in linking multiple vulnerabilities, highlighting the complexity and awareness gaps in vulnerability management.
Contribution
It proposes new terminology to better understand and address the challenges of vulnerability chaining in cybersecurity management.
Findings
Participants were largely unaware of vulnerability chaining blindness.
Complexity and lack of awareness hinder effective vulnerability linkage.
Themes included fear of the unknown and technological challenges.
Abstract
To tie together the concepts of linkage blindness and the inability to link vulnerabilities together in a Vulnerability Management Program (VMP), the researcher postulated new terminology. The terminology of vulnerability chaining blindness is proposed to understand the underlying issues behind vulnerability management and vulnerabilities that can be used in combination. The general problem is that IT and cybersecurity professionals have a difficult time identifying chained vulnerabilities due to the complexity of vulnerability prioritization and remediation (Abomhara & Køien, 2015; Felmetsger et al., 2010). The specific problem is the inability to link and view multiple vulnerabilities in combination based on limited expertise and awareness of vulnerability chaining (Tang et al., 2017). The population of this study was limited to one focus group, within the IT and Security fields,…
Taxonomy
Topics: Information and Cyber Security · Cybercrime and Law Enforcement Studies · Network Security and Intrusion Detection
