The National Vulnerability Disclosure Database is an invaluable source of
information for security professionals and researchers. However, in some cases,
a vulnerability report is initially published with incomplete information, a
situation that complicates incident response and mitigation. In this paper, we
perform an empirical study of vulnerabilities that are initially submitted with
an incomplete report, and present key findings related to their frequency,
nature, and the time needed to update them. We further present a novel
ticketing process that is tailored to addressing the problems related to such
vulnerabilities and demonstrate the use of this system with a real-life use
case.Comment: Please cite as: Kobra Khanmohammadi & Raphael Khoury, Half-Day
Vulnerabilities: A study of the First Days of CVE Entries, The Conference on
Applied Machine Learning in Information Security (CAMLIS), Arlington, VI,
USA, oct. 2