The paper shows that heterogeneous graph attention networks can classify vulnerable components in real SBOMs at 91% accuracy and that a simple MLP can predict documented multi-vulnerability chains with 0.93 ROC-AUC.
2 Pith papers cite this work. Polarity classification is still indexing.
Citation-role summary: background (1). Citation-polarity summary: background (1).
Representative citing paper: Large-scale study shows SBOM vulnerability scanners have 92% false positives from unreachable code, cut 61.9% by adding function call analysis.
Citing papers:
- Towards Predicting Multi-Vulnerability Attack Chains in Software Supply Chains from Software Bill of Materials Graphs
- A Reality Check on SBOM-based Vulnerability Management: An Empirical Study and A Path Forward