Dataset: Adaptive Modelling for Security Vulnerability Propagation

This dataset was used to construct and simulate the security vulnerability propagation model in the study entitled: Adaptive Modelling for Security Vulnerability Propagation to Predict the Impact of Business Process Redesign. In this study, we used six business process redesign (BPR) case studies that occurred in Magento 2.1 to 2.2 and Magento 2.2 to 2.3. This dataset was used as input for the propagation modelling of information security vulnerabilities. We have 11 datasets representing the Magento business process models from Magento 2.1, 2.2, and 2.3, their vulnerability data, and their relation with application modules. In Magento 2.1 to 2.2, BPR occurred in the processes of managing consumer accounts, managing communication channels, and managing payments. The dataset on the first and second sheets relates to the process of managing consumer accounts in Magento 2.1 and 2.2. The dataset on the third and fourth sheets relates to the process of managing communication channels in Magento 2.1 and 2.2. Meanwhile, the dataset on the fifth and sixth sheets relates to the process of managing payments in Magento 2.1 and 2.2. In the upgrade from Magento 2.2 to 2.3, BPR appeared in managing payments, inventory, and shipping. The dataset on the sixth and seventh sheets relates to the process of managing payments in Magento 2.2 and 2.3. The eighth and ninth sheets dataset relates to the process of managing inventory in Magento 2.2 and 2.3. Meanwhile, the dataset on the tenth and eleventh sheets relates to the process of managing shipping in Magento 2.2 and 2.3. Each dataset contains a list of tasks (Task ID and Task Name column) that make up the Magento business process model. Tasks can be under a process (Process Name column) or a sub-process (Sub Process column). Data for each task is accompanied by the task type (Task Type column) and the task vulnerabilities. Task vulnerabilities are expressed by the CWE ID (Task Vuln column). The vulnerability scores consist of the score for each CWE (Task Vuln Score column) and the maximum score for each task (Max Task Score column). These vulnerability data were obtained from the results of the previous study entitled: Information Security Vulnerability Prediction Based On Business Process Model Using Machine Learning Approach. Each task is also accompanied by the next task (Next Task column) that follows so it can be used to form a series of business process models. Each task is also accompanied by a related module (Related Module ID and Related Module column) along with module vulnerability data. Module vulnerability data consists of two types, the predicted score (Max Predict column) and materialized score (Module Exploited Vuln Score) based on Magento CVE vulnerability data from the National Vulnerability Database (NVD).