An Exploratory Study into Vulnerability Chaining Blindness Terminology and Viability

by Nikki Robinson, et al.

To tie together the concepts of linkage blindness and the inability to link vulnerabilities together in a Vulnerability Management Program (VMP), the researcher postulated new terminology. The term vulnerability chaining blindness is proposed to understand the underlying issues behind vulnerability management and vulnerabilities that can be used in combination. The general problem is that IT and cybersecurity professionals have a difficult time identifying chained vulnerabilities due to the complexity of vulnerability prioritization and remediation (Abomhara & Køien, 2015; Felmetsger et al., 2010). The specific problem is the inability to link and view multiple vulnerabilities in combination, based on limited expertise and awareness of vulnerability chaining (Tang et al., 2017). The population of this study was limited to one focus group, within the IT and Security fields, within the United States. The sample consisted of one focus group of 8-10 IT and cybersecurity professionals. The research questions focused on whether participants were aware of linkage blindness or vulnerability chaining, as well as whether vulnerability chaining blindness would be applicable to describe the phenomenon. Several themes emerged through top-level, eclectic, and second-level coding data analysis. These themes included complexity in cybersecurity programs, new concepts in vulnerability management, as well as fear of the unknown and where security meets technology.

Keywords: linkage blindness, vulnerability chaining, vulnerability chaining blindness, vulnerability management

