Publications

Shows how converting CVSS scores across versions can support vulnerability management workflows, continuity, and better decision‑making.

Comparative study of open‑source static analysis (SAST) tools, assessing detection coverage, performance, and practicality to guide tool selection.

Automates CVSS v3.1 temporal scoring using signals from the Log4j 2021 case, improving timely, context-aware risk assessment and remediation decisions.

Examines CVSS base scores versus exploit availability to see if severity aligns with real-world exploitability and to inform risk-based prioritization.

Security evaluation of base container images, highlighting common risks and best practices for selecting hardened Docker foundations.

Survey of vulnerability management models leveraging CVSS for scoring and prioritization, guiding effective program design and risk reduction.

ML models to convert CVSS 2.0 base scores to CVSS 3.x, enabling consistent, automated migration and better vulnerability prioritization across systems.

Techniques to convert CVSS v2.0 base scores to v3.1, bridging versions for consistent vulnerability management during program transitions.

Automated, context‑aware vulnerability prioritization and response using CVSS, integrating environmental factors to streamline remediation workflows.

Near‑real‑time enterprise vulnerability assessment that integrates inventory data and CVSS to prioritize remediation across corporate networks.

Distributed system for enterprise vulnerability collection and prioritization, reducing latency and supporting large corporate networks at scale.

Containerized analysis tool that aggregates vulnerability data and prioritizes remediation across assets using CVSS, enabling scalable security operations.

Evaluates how cybersecurity mechanisms influence QoS in optical networks, balancing protection with performance and service reliability.