63 research outputs found

    Classifying Web Exploits with Topic Modeling

    This short empirical paper investigates how well topic modeling and database meta-data characteristics can classify web and other proof-of-concept (PoC) exploits for publicly disclosed software vulnerabilities. By using a dataset comprised of over 36 thousand PoC exploits, an accuracy rate near 0.9 is obtained in the empirical experiment. Text mining and topic modeling are a significant boost factor behind this classification performance. In addition to these empirical results, the paper contributes to the research tradition of enhancing software vulnerability information with text mining, providing also a few scholarly observations about the potential for semi-automatic classification of exploits in the existing tracking infrastructures.
    Comment: Proceedings of the 2017 28th International Workshop on Database and Expert Systems Applications (DEXA). http://ieeexplore.ieee.org/abstract/document/8049693

    An Empirical Analysis of Vulnerabilities in Python Packages for Web Applications

    This paper examines software vulnerabilities in common Python packages used particularly for web development. The empirical dataset is based on the PyPI package repository and the so-called Safety DB used to track vulnerabilities in selected packages within the repository. The methodological approach builds on a release-based time series analysis of the conditional probabilities for the releases of the packages to be vulnerable. According to the results, many of the Python vulnerabilities observed seem to be only modestly severe; input validation and cross-site scripting have been the most typical vulnerabilities. In terms of the time series analysis based on the release histories, only the recent past is observed to be relevant for statistical predictions; the classical Markov property holds.
    Comment: Forthcoming in: Proceedings of the 9th International Workshop on Empirical Software Engineering in Practice (IWESEP 2018), Nara, IEE

    Reassessing Measures for Press Freedom

    There has been a newly refound interest in press freedom in the face of various global scandals, transformation of media, technological change, obstacles to deliberative democracy, and other factors. Press freedom is frequently used also as an explanatory factor in comparative empirical research. However, validations of existing measurement instruments on press freedom have been few and far between. Given these points, this paper evaluates eight cross-country instruments on press freedom in 147 countries between 2001 and 2020, replicating an earlier study with a comparable research setup. The methodology is based on principal component analysis and multi-level regression modeling. According to the results, the construct (convergence) validity of the instruments is good; they all measure the same underlying semi-narrow definition for press freedom elaborated in the paper. In addition, any of the indices seems suitable to be used interchangeably in empirical research. Limitations and future research directions are further discussed.
    Comment: Submitte

    The Treachery of Images in the Digital Sovereignty Debate

    This short theoretical and argumentative essay contributes to the ongoing deliberation about the so-called digital sovereignty, as pursued particularly in the European Union (EU). Drawing from classical political science literature, the essay approaches the debate through paradoxes that arise from applying classical notions of sovereignty to the digital domain. With these paradoxes and a focus on the Peace of Westphalia in 1648, the essay develops a viewpoint distinct from the conventional territorial notion of sovereignty. Accordingly, the lesson from Westphalia has more to do with the capacity of a state to govern. It is also this capacity that is argued to enable the sovereignty of individuals within the digital realm. With this viewpoint, the essay further advances another, broader, and more pressing debate on politics and democracy in the digital era.
    Comment: Minds and Machines, published online in July 2021, pp. 1-1