Next Article in Journal
A Review of Subsurface Electrical Conductivity Anomalies in Magnetotelluric Imaging
Next Article in Special Issue
Implementation of IMS/NGN Transport Stratum Based on the SDN Concept
Previous Article in Journal
YOLOv7-RAR for Urban Vehicle Detection
Previous Article in Special Issue
Modeling Real-Life Urban Sensor Networks Based on Open Data
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Sensors
Volume 23
Issue 4
10.3390/s23041802
Review Report
sensors-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
Article
Peer-Review Record

Support for the Vulnerability Management Process Using Conversion CVSS Base Score 2.0 to 3.x

Sensors 2023, 23(4), 1802; https://doi.org/10.3390/s23041802
by Maciej Roman Nowak *, Michał Walkowski and Sławomir Sujecki
Reviewer 1: Anonymous
Reviewer 2:
Elena Basan
Reviewer 3:
Xiaodan Yan
Sensors 2023, 23(4), 1802; https://doi.org/10.3390/s23041802
Submission received: 5 January 2023 / Revised: 31 January 2023 / Accepted: 4 February 2023 / Published: 6 February 2023
(This article belongs to the Special Issue Advanced Management for Full-Automized Networks in Post-COVID Era)

Round 1

Reviewer 1 Report

The authors propose a machine learning based approach to to convert the base score of the Common Vulnerability Scoring System (CVSS) from  version 2.0 to 3.x.Once all CVSS 3.x scores are calculated, all vulnerabilities can be prioritised according to CVSS 3.x standard.

The authors need to describe the scoring mechanism in detail.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 2 Report

This article deals with a very important topic. The study is devoted to the integration of various formats of databases of vulnerabilities. With ethos, the authors consider the CVSS database, although in fact the problem is much broader. In the future, you can use the research results to integrate not just different versions, but also different databases. The authors use machine learning methods and describe the process well. Nevertheless, I would like to expand the analysis of papers devoted to natural language processing and consideration of neurolinguistic methods.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 3 Report

1. The paper does not fill a gap since this point motivating the work has not been sufficiently demonstrated due to the lack of sound statistical data and supportive references. The paper does not contain sufficient novelty to warrant publication. 

2. Regarding the background of this study, the discussion is shallow in the abstract. In fact, how to realize the novel algorithm should not be discussed in detail in this part. Change this focus in the abstract.

3. I think the mathematical analysis of the performance evaluation of the scheme is not enough, it should be futher strengthen.

4. The presentation should be improved and many typos and grammar errors should be corrected, such as missing an article before the word, the singular and plural forms of some words. You should check out the manuscript carefully. Besides, the variables need to be represented in italics.

5. The standard of references is not unified and the information of some references are incorrect.

more comments:

1. In the Introduction, you should point out the shortcomings of the previous research about CVSS 2.0 more specifically, in contrast to the method proposed by this paper.    2. You should add some structure details in Figure 1 to make the mechanism clearer to the reader. The current version is confusing and I have difficulty in understanding it. A more detailed description of Figure 1 should be given to clearly demonstrate the effectiveness of the obtained results.    3. The authors conducted their experiments with different algorithms, i.e. KNN, PNN, LIN, NB, and GRBF. What is the reason to choose these special algorithms? Necessary explanations for the selections are absent.     4. The article lacks description of algorithm for the aproposed method.  You should provide some details. And some parameters need to be clearly defined before used in those algorithms.

 

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 2

Reviewer 3 Report

The revised paper has already met the quality requirements of the journal and is recommended to be accepted.

Back to TopTop