Overview
Explore a comprehensive research presentation examining the misuse and misconceptions surrounding Common Vulnerabilities and Exposures (CVE) identifiers in academic security research. Delve into a systematic study conducted by researchers from CISPA Helmholtz Center for Information Security, Ruhr University Bochum, TU Braunschweig, and KU Leuven that analyzes how academic papers have increasingly claimed CVE numbers over the past 25 years, often without corresponding real-world security implications. Discover findings from quantitative analysis, qualitative review of 1,803 CVEs from recent academic papers, and a survey of 103 academic reviewers and authors that reveal 34% of claimed CVEs were either unconfirmed or disputed by software maintainers. Learn about the widespread misconceptions within the academic community regarding the CVE system's purpose as an identification tool rather than a measure of vulnerability severity or real-world impact. Understand the implications of using CVE assignments as proxies for practical security research outcomes and gain actionable recommendations for improving how the academic security community approaches vulnerability disclosure and impact assessment. This Distinguished Paper Award-winning research provides critical insights into the intersection of academic research practices and real-world cybersecurity communication standards.
Syllabus
USENIX Security '25 - Confusing Value with Enumeration: Studying the Use of CVEs in Academia
Taught by
USENIX