Predicting the Discovery Pattern of Publically Known Exploited Vulnerabilities

Vulnerabilities with publically known exploits typically form 2-7% of all vulnerabilities reported for a given software version. With a smaller number of known exploited vulnerabilities compared with the total number of vulnerabilities, it is more difficult to model and predict when a vulnerability with a known exploit will be reported. In this paper, we introduce an approach for predicting the discovery pattern of publically known exploited vulnerabilities using all publically known vulnerabilities reported for a given software. Eight commonly used vulnerability discovery models (VDMs) and one neural network model (NNM) were utilized to evaluate the prediction capability of our approach. We compared their predictions results with the scenario when only exploited vulnerabilities were used for prediction. Our results show that, in terms of prediction accuracy, out of eight software we analyzed, our approach led to more accurate results in seven cases. Only in one case, the accuracy of our approach was worse by 1.6%

Vulnerability Prediction Capability: A Comparison between Vulnerability Discovery Models and Neural Network Models

In this paper, we introduce an approach for predicting the cumulative number of software vulnerabilities that is in most cases more accurate than vulnerability discovery models (VDMs). Our approach uses a neural network model (NNM) to model the nonlinearities associated with vulnerability disclosure. Nine common VDMs were used to compare their prediction capability with our approach. The different models were applied to vulnerabilities associated with eight well-known software (four operating systems and four web browsers). The models were assessed in terms of prediction accuracy and prediction bias. Out of eight software we analyzed, the NNM outperformed the VDMs in all the cases in terms of prediction accuracy, and provided smaller values of absolute average bias in seven cases. This study shows that NNMs are promising for accurate predictions of software vulnerabilities disclosures

Patterns of Orthopaedic Complications of Haemophilia at Khartoum Haemophilia Clinic

Background: Haemophilia is a common hereditary bleeding disorder caused by deficiency in clotting factor VIII (Type A) factor IX (Type B) with A:B 5:1. Severity of the disease depends on the level of the circulating factor. Bleeding tendency is the presenting feature and musculoskeletalinvolvement is a common presenting feature.Objectives: To study the demographic characteristics, clinical and radiological patterns of musculoskeletal disorders associated with haemophilia in patients presented to Khartoum Haemophilia Clinic (KHC).Patients and Methods: Demographic characteristics, patterns of clinical and radiological features of 78 patients with haemophilia A and B who presented to KHC, between March 2004 and June 2005 were analyzed.Results: There were 78 patients; all were males, their ages ranging between 1.5 and 50 years. 80% of them were either of preschool or school age groups. Haemophilia A: B was 4.5:1. Over 80% had articular involvement and the knee joint was involved in more than 50% of cases.Radiological findings were less severe in patients with haemophilia B, and were more severe in patients older than 30 years of age.Conclusion: We conclude that most of patients present with sequelae of recurrent musculoskeletal bleeds. Thus we observed that most of cases presented late with already destroyed joints. We recommend here to give treatment as prophylactic rather than on demand as it is now practiced asinevitable destruction of joints with repeated bleeds will be the presenting feature

Cluster-based Vulnerability Assessment Applied to Operating Systems

Organizations face the issue of how to best allocate their security resources. Thus, they need an accurate method for assessing how many new vulnerabilities will be reported for the operating systems (OSs) they use in a given time period. Our approach consists of clustering vulnerabilities by leveraging the text information within vulnerability records, and then simulating the mean value function of vulnerabilities by relaxing the monotonic intensity function assumption, which is prevalent among the studies that use software reliability models (SRMs) and nonhomogeneous Poisson process (NHPP) in modeling. We applied our approach to the vulnerabilities of four OSs: Windows, Mac, IOS, and Linux. For the OSs analyzed in terms of curve fitting and prediction capability, our results, compared to a power-law model without clustering issued from a family of SRMs, are more accurate in all cases we analyzed

Cluster-based Vulnerability Assessment Applied to Operating Systems

Organizations face the issue of how to best allocate their security resources. Thus, they need an accurate method for assessing how many new vulnerabilities will be reported for the operating systems (OSs) they use in a given time period. Our approach consists of clustering vulnerabilities by leveraging the text information within vulnerability records, and then simulating the mean value function of vulnerabilities by relaxing the monotonic intensity function assumption, which is prevalent among the studies that use software reliability models (SRMs) and nonhomogeneous Poisson process (NHPP) in modeling. We applied our approach to the vulnerabilities of four OSs: Windows, Mac, IOS, and Linux. For the OSs analyzed in terms of curve fitting and prediction capability, our results, compared to a power-law model without clustering issued from a family of SRMs, are more accurate in all cases we analyzed

Cluster-based Vulnerability Assessment of Operating Systems and Web Browsers

Organizations face the issue of how to best allocate their security resources. Thus, they need an accurate method for assessing how many new vulnerabilities will be reported for the operating systems (OSs) and web browsers they use in a given time period. Our approach consists of clustering vulnerabilities by leveraging the text information within vulnerability records, and then simulating the mean value function of vulnerabilities by relaxing the monotonic intensity function assumption, which is prevalent among the studies that use software reliability models (SRMs) and nonhomogeneous Poisson process (NHPP) in modeling. We applied our approach to the vulnerabilities of four OSs (Windows, Mac, IOS, and Linux) and four web browsers (Internet Explorer, Safari, Firefox, and Chrome). Out of the total eight OSs and web browsers we analyzed using a power-law model issued from a family of SRMs, the model was statistically adequate for modeling in six cases. For these cases, in terms of estimation and forecasting capability, our results, compared to a power-law model without clustering, are more accurate in all cases but one

Association of interatrial septal abnormalities with cardiac impulse conduction disorders in adult patients: experience from a tertiary center in Kosovo

Interatrial septal disorders, which include: atrial septal defect, patent foramen ovale and atrial septal aneurysm, are frequent congenital anomalies found in adult patients. Early detection of these anomalies is important to prevent their hemodynamic and/or thromboembolic consequences. The aims of this study were: to assess the association between impulse conduction disorders and anomalies of interatrial septum; to determine the prevalence of different types of interatrial septum abnormalities; to assess anatomic, hemodynamic, and clinical consequences of interatrial septal pathologies. Fifty-three adult patients with impulse conduction disorders and patients without ECG changes but with signs of interatrial septal abnormalities, who were referred to our center for echocardiography, were included in a prospective transesophageal echocardiography study. Interatrial septal anomalies were detected in around 85% of the examined patients. Patent foramen ovale was encountered in 32% of the patients, and in combination with atrial septal aneurysm in an additional 11.3% of cases. Atrial septal aneurysm and atrial septal defect were diagnosed with equal frequency in 20.7% of our study population. Impulse conduction disorders were significantly more suggestive of interatrial septal anomalies than clinical signs and symptoms observed in our patients (84.91% vs 30.19%, P=0.002). Right bundle branch block was the most frequent impulse conduction disorder, found in 41 (77.36%) cases. We conclude that interatrial septal anomalies are highly associated with impulse conduction disorders, particularly with right bundle branch block. Impulse conduction disorders are more indicative of interatrial septal abnormalities in earlier stages than can be understood from the patient’s clinical condition

First measurement of the π+π−\pi^+\pi^- atom lifetime

The goal of the DIRAC experiment at CERN (PS212) is to measure the $\pi^+\pi^-$ atom lifetime with 10% precision. Such a measurement would yield a precision of 5% on the value of the $S$-wave $\pi\pi$ scattering lengths combination $|a_0-a_2|$. Based on part of the collected data we present a first result on the lifetime, $\tau=[2.91 ^{+0.49}_{-0.62}]\times 10^{-15}$ s, and discuss the major systematic errors. This lifetime corresponds to $|a_0-a_2|=0.264 ^{+0.033}_{-0.020} m_{\pi}^{-1}$.Comment: 18 pages, 6 figure

Epidemiology, practice of ventilation and outcome for patients at increased risk of postoperative pulmonary complications

BACKGROUND Limited information exists about the epidemiology and outcome of surgical patients at increased risk of postoperative pulmonary complications (PPCs), and how intraoperative ventilation was managed in these patients. OBJECTIVES To determine the incidence of surgical patients at increased risk of PPCs, and to compare the intraoperative ventilation management and postoperative outcomes with patients at low risk of PPCs. DESIGN This was a prospective international 1-week observational study using the ‘Assess Respiratory Risk in Surgical Patients in Catalonia risk score’ (ARISCAT score) for PPC for risk stratification. PATIENTS AND SETTING Adult patients requiring intraoperative ventilation during general anaesthesia for surgery in 146 hospitals across 29 countries. MAIN OUTCOME MEASURES The primary outcome was the incidence of patients at increased risk of PPCs based on the ARISCAT score. Secondary outcomes included intraoperative ventilatory management and clinical outcomes. RESULTS A total of 9864 patients fulfilled the inclusion criteria. The incidence of patients at increased risk was 28.4%. The most frequently chosen tidal volume (VT) size was 500 ml, or 7 to 9 ml kg1 predicted body weight, slightly lower in patients at increased risk of PPCs. Levels of positive end-expiratory pressure (PEEP) were slightly higher in patients at increased risk of PPCs, with 14.3% receiving more than 5 cmH2O PEEP compared with 7.6% in patients at low risk of PPCs (P < 0.001). Patients with a predicted preoperative increased risk of PPCs developed PPCs more frequently: 19 versus 7%, relative risk (RR) 3.16 (95% confidence interval 2.76 to 3.61), P < 0.001) and had longer hospital stays. The only ventilatory factor associated with the occurrence of PPCs was the peak pressure. CONCLUSION The incidence of patients with a predicted increased risk of PPCs is high. A large proportion of patients receive high VT and low PEEP levels. PPCs occur frequently in patients at increased risk, with worse clinical outcome

Geoeconomic variations in epidemiology, ventilation management, and outcomes in invasively ventilated intensive care unit patients without acute respiratory distress syndrome: a pooled analysis of four observational studies

Background: Geoeconomic variations in epidemiology, the practice of ventilation, and outcome in invasively ventilated intensive care unit (ICU) patients without acute respiratory distress syndrome (ARDS) remain unexplored. In this analysis we aim to address these gaps using individual patient data of four large observational studies. Methods: In this pooled analysis we harmonised individual patient data from the ERICC, LUNG SAFE, PRoVENT, and PRoVENT-iMiC prospective observational studies, which were conducted from June, 2011, to December, 2018, in 534 ICUs in 54 countries. We used the 2016 World Bank classification to define two geoeconomic regions: middle-income countries (MICs) and high-income countries (HICs). ARDS was defined according to the Berlin criteria. Descriptive statistics were used to compare patients in MICs versus HICs. The primary outcome was the use of low tidal volume ventilation (LTVV) for the first 3 days of mechanical ventilation. Secondary outcomes were key ventilation parameters (tidal volume size, positive end-expiratory pressure, fraction of inspired oxygen, peak pressure, plateau pressure, driving pressure, and respiratory rate), patient characteristics, the risk for and actual development of acute respiratory distress syndrome after the first day of ventilation, duration of ventilation, ICU length of stay, and ICU mortality. Findings: Of the 7608 patients included in the original studies, this analysis included 3852 patients without ARDS, of whom 2345 were from MICs and 1507 were from HICs. Patients in MICs were younger, shorter and with a slightly lower body-mass index, more often had diabetes and active cancer, but less often chronic obstructive pulmonary disease and heart failure than patients from HICs. Sequential organ failure assessment scores were similar in MICs and HICs. Use of LTVV in MICs and HICs was comparable (42\ub74% vs 44\ub72%; absolute difference \u20131\ub769 [\u20139\ub758 to 6\ub711] p=0\ub767; data available in 3174 [82%] of 3852 patients). The median applied positive end expiratory pressure was lower in MICs than in HICs (5 [IQR 5\u20138] vs 6 [5\u20138] cm H2O; p=0\ub70011). ICU mortality was higher in MICs than in HICs (30\ub75% vs 19\ub79%; p=0\ub70004; adjusted effect 16\ub741% [95% CI 9\ub752\u201323\ub752]; p&lt;0\ub70001) and was inversely associated with gross domestic product (adjusted odds ratio for a US$10 000 increase per capita 0\ub780 [95% CI 0\ub775\u20130\ub786]; p&lt;0\ub70001). Interpretation: Despite similar disease severity and ventilation management, ICU mortality in patients without ARDS is higher in MICs than in HICs, with a strong association with country-level economic status. Funding: No funding