A Survey on Vulnerability Prioritization: Taxonomy, Metrics, and Research Challenges
It addresses the need for effective vulnerability prioritization strategies in cybersecurity to manage resource constraints and critical risks, though it is incremental as a survey and framework.
This paper tackles the problem of prioritizing vulnerabilities in cybersecurity by conducting a systematic review of 82 studies and introducing a novel taxonomy for metrics, revealing significant gaps in existing approaches and challenges with multi-domain applicability.
In the highly interconnected digital landscape of today, safeguarding complex infrastructures against cyber threats has become increasingly challenging due to the exponential growth in the number and complexity of vulnerabilities. Resource constraints necessitate effective vulnerability prioritization strategies, focusing efforts on the most critical risks. This paper presents a systematic literature review of 82 studies, introducing a novel taxonomy that categorizes metrics into severity, exploitability, contextual factors, predictive indicators, and aggregation methods. Our analysis reveals significant gaps in existing approaches and challenges with multi-domain applicability. By emphasizing the need for dynamic, context-aware metrics and scalable solutions, we provide actionable insights to bridge the gap between research and real-world applications. This work contributes to the field by offering a comprehensive framework for evaluating vulnerability prioritization methodologies and setting a research agenda to advance the state of practice.