"Lifecycle-Based, VEX-Driven Software Component Risk Classification Dataset"
收藏DataCite Commons2026-03-27 更新2026-05-03 收录
下载链接:
https://ieee-dataport.org/documents/lifecycle-based-vex-driven-software-component-risk-classification-dataset
下载链接
链接失效反馈官方服务:
资源简介:
"This dataset provides a structured, lifecycle-based classification of software components using a VEX-driven risk interpretation model designed for safety-critical and cyber-physical systems. It captures how vulnerability status, exploitability, and operational impact vary across different stages of the software lifecycle, including design, build, release, and operations.Unlike traditional vulnerability datasets that rely primarily on severity scoring systems such as CVSS, this dataset introduces a governance-oriented representation that distinguishes safety relevance from general software functionality. Each record maps a software component to its intended function, safe operation definition, lifecycle stage, VEX status (Affected, Not Affected, Not Exploitable), exploitability, and impact level.The dataset includes both safety-critical components (e.g., braking, steering, sensor fusion, ECU control systems) and non-safety components (e.g., telemetry, logging, infotainment), enabling comparative analysis of risk propagation across system boundaries. It is intended to support research in software supply chain security, SBOM\/VEX analysis, automotive cybersecurity, and lifecycle-aware vulnerability management.This dataset is suitable for academic research, benchmarking, and experimentation in risk modeling, vulnerability governance frameworks, and safety-critical system assurance."
提供机构:
IEEE DataPort
创建时间:
2026-03-27
