Mostrar el registro sencillo del ítem
| dc.contributor.author | Egana-Aranguren, Mikel | |
| dc.contributor.author | Fernández-Breis, Jesualdo-Tomás | |
| dc.contributor.author | Leon-Balentzia, Bidane | |
| dc.contributor.author | Rompe, Markus | |
| dc.contributor.author | García-Castro, Alexander | |
| dc.date.accessioned | 2026-04-20T09:43:33Z | |
| dc.date.available | 2026-04-20T09:43:33Z | |
| dc.date.issued | 2026-04 | |
| dc.identifier.citation | Egaña Aranguren M, Fernández-Breis JT, Leon Balentzia B, Rompe M, García Castro A. A comprehensive view of software vulnerability risks through enterprise knowledge graphs. Computers & Security. abril de 2026;163:104815. doi:10.1016/j.cose.2025.104815 | |
| dc.identifier.issn | 0167-4048 | |
| dc.identifier.uri | https://sms.carm.es/ricsmur/handle/123456789/25906 | |
| dc.description.abstract | Cybersecurity has emerged as a critical concern for modern enterprises due to the increasing complexity and diversity of threats. These risks exploit multiple attack vectors, such as phishing, unpatched vulnerabilities, and malware distribution, necessitating a comprehensive and unified approach to threat modeling. However, cybersecurity data is often siloed across disparate sources-ranging from JSON vulnerability reports (e.g., Amazon Inspector, CycloneDX) and dependency files (e.g., NPM) to relational databases and manual assessments-making integration a significant challenge. Knowledge Graphs offer the technological framework to successfully integrate disparate data. This work presents a KG-based solution for software vulnerability data integration at Siemens Energy, leveraging Enterprise Knowledge Graphs to unify heterogeneous datasets under a shared semantic model. Our approach consists of: (1) a Cybersecurity Ontology Network defining core entities and relationships, (2) an automated pipeline converting diverse data sources into a (3) scalable EKG that enables advanced threat analysis, and (4) competency questions and data quality rules validating the system's effectiveness. By adopting a Data-Centric Architecture, EKGs provide a flexible, future-proof framework for cybersecurity intelligence, overcoming the limitations of traditional Application-Centric systems, and ultimately providing FAIR data (Findable, Accessible, Interoperable, Reusable). This work offers actionable insights for organizations seeking to enhance cyber threat visibility while managing complex, evolving data landscapes. | |
| dc.language.iso | eng | |
| dc.publisher | ELSEVIER | |
| dc.rights | Atribución/Reconocimiento 4.0 Internacional | |
| dc.rights.uri | https://creativecommons.org/licenses/by/4.0/deed.es | * |
| dc.title | A comprehensive view of software vulnerability risks through enterprise knowledge graphs | |
| dc.type | info:eu-repo/semantics/article | |
| dc.relation.publisherversion | https://linkinghub.elsevier.com/retrieve/pii/S0167404825005048 | |
| dc.type.version | info:eu-repo/semantics/publishedVersion | |
| dc.identifier.doi | 10.1016/j.cose.2025.104815 | |
| dc.journal.title | Computers & Security | |
| dc.identifier.essn | 1872-6208 |