| Paper Abstract and Keywords |
| Presentation |
2026-06-17 11:50
Current Status and Challenges of Automated Vulnerability Mitigation Based on Limited Software Information Shosuke Oba, Reika Nishimura.Arakawa, Yo Kanemoto (NTT) IA2026-6 ICSS2026-6 |
| Abstract |
(in Japanese) |
(See Japanese page) |
| (in English) |
As a countermeasure against software supply chain attacks, prompt patch application is required when vulnerabilities are discovered in dependent software. However, in real-world operations, immediate patching is often infeasible due to concerns about availability, making it crucial to mitigate the risk during the vulnerability exposure window before patches can be applied. Although numerous studies on vulnerability mitigation exist, most of them assume the availability of detailed information such as source code and environment configurations, which is not necessarily accessible in situations such as outsourced vulnerability response. In this paper, we survey existing research on automated vulnerability response and organize it from the perspective of the information required for application. Through this survey, we show that achieving vulnerability mitigation based on limited software information involves two key challenges: given that the complete supplementation of missing information is fundamentally infeasible, (1) the development of mitigation techniques that explicitly account for the uncertainty of inferred information, and (2) the evaluation of side effects of mitigation strategies under such uncertainty. |
| Keyword |
(in Japanese) |
(See Japanese page) |
| (in English) |
software supply chain security / vulnerability remediation / virtual patching / / / / / |
| Reference Info. |
IEICE Tech. Rep., vol. 126, no. 74, ICSS2026-6, pp. 30-37, June 2026. |
| Paper # |
ICSS2026-6 |
| Date of Issue |
2026-06-10 (IA, ICSS) |
| ISSN |
Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
| Download PDF |
IA2026-6 ICSS2026-6 |
| Conference Information |
| Committee |
IA ICSS |
| Conference Date |
2026-06-17 - 2026-06-18 |
| Place (in Japanese) |
(See Japanese page) |
| Place (in English) |
e-Topia, Kagawa BB Square |
| Topics (in Japanese) |
(See Japanese page) |
| Topics (in English) |
Internet Security, etc. |
| Paper Information |
| Registration To |
ICSS |
| Conference Code |
2026-06-IA-ICSS |
| Language |
Japanese |
| Title (in Japanese) |
(See Japanese page) |
| Sub Title (in Japanese) |
(See Japanese page) |
| Title (in English) |
Current Status and Challenges of Automated Vulnerability Mitigation Based on Limited Software Information |
| Sub Title (in English) |
|
| Keyword(1) |
software supply chain security |
| Keyword(2) |
vulnerability remediation |
| Keyword(3) |
virtual patching |
| Keyword(4) |
|
| Keyword(5) |
|
| Keyword(6) |
|
| Keyword(7) |
|
| Keyword(8) |
|
| 1st Author's Name |
Shosuke Oba |
| 1st Author's Affiliation |
NTT Social Informatics Laboratories (NTT) |
| 2nd Author's Name |
Reika Nishimura.Arakawa |
| 2nd Author's Affiliation |
NTT Social Informatics Laboratories (NTT) |
| 3rd Author's Name |
Yo Kanemoto |
| 3rd Author's Affiliation |
NTT Social Informatics Laboratories (NTT) |
| 4th Author's Name |
|
| 4th Author's Affiliation |
() |
| 5th Author's Name |
|
| 5th Author's Affiliation |
() |
| 6th Author's Name |
|
| 6th Author's Affiliation |
() |
| 7th Author's Name |
|
| 7th Author's Affiliation |
() |
| 8th Author's Name |
|
| 8th Author's Affiliation |
() |
| 9th Author's Name |
|
| 9th Author's Affiliation |
() |
| 10th Author's Name |
|
| 10th Author's Affiliation |
() |
| 11th Author's Name |
|
| 11th Author's Affiliation |
() |
| 12th Author's Name |
|
| 12th Author's Affiliation |
() |
| 13th Author's Name |
|
| 13th Author's Affiliation |
() |
| 14th Author's Name |
|
| 14th Author's Affiliation |
() |
| 15th Author's Name |
|
| 15th Author's Affiliation |
() |
| 16th Author's Name |
|
| 16th Author's Affiliation |
() |
| 17th Author's Name |
|
| 17th Author's Affiliation |
() |
| 18th Author's Name |
|
| 18th Author's Affiliation |
() |
| 19th Author's Name |
|
| 19th Author's Affiliation |
() |
| 20th Author's Name |
|
| 20th Author's Affiliation |
() |
| 21st Author's Name |
|
| 21st Author's Affiliation |
() |
| 22nd Author's Name |
|
| 22nd Author's Affiliation |
() |
| 23rd Author's Name |
|
| 23rd Author's Affiliation |
() |
| 24th Author's Name |
|
| 24th Author's Affiliation |
() |
| 25th Author's Name |
|
| 25th Author's Affiliation |
() |
| 26th Author's Name |
/ / |
| 26th Author's Affiliation |
()
() |
| 27th Author's Name |
/ / |
| 27th Author's Affiliation |
()
() |
| 28th Author's Name |
/ / |
| 28th Author's Affiliation |
()
() |
| 29th Author's Name |
/ / |
| 29th Author's Affiliation |
()
() |
| 30th Author's Name |
/ / |
| 30th Author's Affiliation |
()
() |
| 31st Author's Name |
/ / |
| 31st Author's Affiliation |
()
() |
| 32nd Author's Name |
/ / |
| 32nd Author's Affiliation |
()
() |
| 33rd Author's Name |
/ / |
| 33rd Author's Affiliation |
()
() |
| 34th Author's Name |
/ / |
| 34th Author's Affiliation |
()
() |
| 35th Author's Name |
/ / |
| 35th Author's Affiliation |
()
() |
| 36th Author's Name |
/ / |
| 36th Author's Affiliation |
()
() |
| Speaker |
Author-1 |
| Date Time |
2026-06-17 11:50:00 |
| Presentation Time |
25 minutes |
| Registration for |
ICSS |
| Paper # |
IA2026-6, ICSS2026-6 |
| Volume (vol) |
vol.126 |
| Number (no) |
no.73(IA), no.74(ICSS) |
| Page |
pp.30-37 |
| #Pages |
8 |
| Date of Issue |
2026-06-10 (IA, ICSS) |