Repositorio Dspace

A comprehensive view of software vulnerability risks through enterprise knowledge graphs

Mostrar el registro sencillo del ítem

dc.contributor.author Egana-Aranguren, Mikel
dc.contributor.author Fernández-Breis, Jesualdo-Tomás
dc.contributor.author Leon-Balentzia, Bidane
dc.contributor.author Rompe, Markus
dc.contributor.author García-Castro, Alexander
dc.date.accessioned 2026-04-20T09:43:33Z
dc.date.available 2026-04-20T09:43:33Z
dc.date.issued 2026-04
dc.identifier.citation Egaña Aranguren M, Fernández-Breis JT, Leon Balentzia B, Rompe M, García Castro A. A comprehensive view of software vulnerability risks through enterprise knowledge graphs. Computers & Security. abril de 2026;163:104815. doi:10.1016/j.cose.2025.104815
dc.identifier.issn 0167-4048
dc.identifier.uri https://sms.carm.es/ricsmur/handle/123456789/25906
dc.description.abstract Cybersecurity has emerged as a critical concern for modern enterprises due to the increasing complexity and diversity of threats. These risks exploit multiple attack vectors, such as phishing, unpatched vulnerabilities, and malware distribution, necessitating a comprehensive and unified approach to threat modeling. However, cybersecurity data is often siloed across disparate sources-ranging from JSON vulnerability reports (e.g., Amazon Inspector, CycloneDX) and dependency files (e.g., NPM) to relational databases and manual assessments-making integration a significant challenge. Knowledge Graphs offer the technological framework to successfully integrate disparate data. This work presents a KG-based solution for software vulnerability data integration at Siemens Energy, leveraging Enterprise Knowledge Graphs to unify heterogeneous datasets under a shared semantic model. Our approach consists of: (1) a Cybersecurity Ontology Network defining core entities and relationships, (2) an automated pipeline converting diverse data sources into a (3) scalable EKG that enables advanced threat analysis, and (4) competency questions and data quality rules validating the system's effectiveness. By adopting a Data-Centric Architecture, EKGs provide a flexible, future-proof framework for cybersecurity intelligence, overcoming the limitations of traditional Application-Centric systems, and ultimately providing FAIR data (Findable, Accessible, Interoperable, Reusable). This work offers actionable insights for organizations seeking to enhance cyber threat visibility while managing complex, evolving data landscapes.
dc.language.iso eng
dc.publisher ELSEVIER
dc.rights Atribución/Reconocimiento 4.0 Internacional
dc.rights.uri https://creativecommons.org/licenses/by/4.0/deed.es *
dc.title A comprehensive view of software vulnerability risks through enterprise knowledge graphs
dc.type info:eu-repo/semantics/article
dc.relation.publisherversion https://linkinghub.elsevier.com/retrieve/pii/S0167404825005048
dc.type.version info:eu-repo/semantics/publishedVersion
dc.identifier.doi 10.1016/j.cose.2025.104815
dc.journal.title Computers & Security
dc.identifier.essn 1872-6208


Ficheros en el ítem

Este ítem aparece en la(s) siguiente(s) colección(ones)

Mostrar el registro sencillo del ítem

Atribución/Reconocimiento 4.0 Internacional Excepto si se señala otra cosa, la licencia del ítem se describe como Atribución/Reconocimiento 4.0 Internacional

Buscar en DSpace


Búsqueda avanzada

Listar

Mi cuenta