Article review 2 | Justin Schoenle

Justin Schoenle
Diwakar Yalpi
CYSE 201S
November 17, 2024
Article Review #2
An article from the Oxford academic journal of cyber security titled “Improving vulnerability
remediation through better exploit prediction” by Jay Jacobs, Sasha Romanosky, Idris Adjerid,
and Wade Baker emphasizes how crucial it is for companies to develop cost effective strategies
for identifying cyber risks. The issue that is outlined in this journal is the difficulty in
manufacturing consistent and effective remediation systems for these threats and vulnerabilities
and if models based on prediction can accurately prioritize risks compared to other methods. It is
crucial for businesses to figure out what is the best method for mitigation of risk, whether
business decides to dump resources in an attempt to patch all known vulnerabilities or just focus
on the higher risk ones. The bottom line that is emphasized is that it seems no matter the
approach many businesses are struggling across the board with mitigation of these
vulnerabilities, data gathered in this study indicated that a more predictive approach for systems
was seen to be a lot more effective and accurate for identifying and managing known
vulnerabilities and risk. This data was collected through monitoring corporate networks through
a security firm, looking at public vulnerability networks, creating tags of known vulnerabilities
used in the wild to text mine with, and synthesizing all datasets together for a broader scope.
Socially this looks at how organization behavior and decision making is crucial to proper risk mitigation strategies being implemented, theories and ideas such as the cost benefit analysis and
risk assessment are huge in big business decisions and will have a huge impact on what goes on
and what is implemented into a company’s policy. The study also is about the importance in the
development of cyber security as it relates to business security which then effects people socially
as many people trust these corporations with their information whether that be emails, credit
cards, location, etc… People and society are mostly unaware of the cyber threats that could harm
them at any time, that is why studies like this are so important not just for companies but for
society. Finding a cost friendly yet effective system for identifying risks and vulnerabilities is
crucial for businesses and the societies that run of them.

Article Source
https://academic.oup.com/cybersecurity/article/6/1/tyaa015/5905457?searchresult=1