VAOS: Vulnerability Attribute Ontology Score Framework for Evaluating Vulnerability Databases

Authors

  • Johnny Shaieb University Of Tulsa
  • John Hale

DOI:

https://doi.org/10.34190/iccws.21.1.4513

Keywords:

Vulnerability database attribute ontology analysis

Abstract

Vulnerability repositories play a foundational role in enabling organizations to perform vulnerability scoring, prioritization, and threat modeling; however, they vary widely in the vulnerability attributes they define, require, and make available within their repository schemas. Although existing taxonomies describe numerous vulnerability characteristics, limited research evaluates how effectively real‑world repositories support these practical security activities. This paper introduces the Vulnerability Attribute Ontology Score (VAOS), a framework for evaluating vulnerability repositories rather than individual vulnerabilities. VAOS defines nineteen weighted attributes organized across mandatory, recommended, and optional tiers. The framework is applied to ten vulnerability repositories spanning more than five decades, revealing substantial variation in attribute coverage—particularly in contextual attributes—and demonstrating VAOS’s value for repository evaluation, selection, and integration.

Author Biography

John Hale

John Hale is a Professor of Computer Science and Tandy Endowed Chair in Bioinformatics and Computational Biology at the University of Tulsa.  His research has been funded by the US Air Force, National Science Foundation, Defense Advanced Research Projects Agency, National Security Agency, and the Army Corps of Engineers.

Downloads

Published

19-02-2026

Issue

Vol. 21 No. 1 (2026): Proceedings of the 21st International Conference on Cyber Warfare and Security (ICCWS 2026)

Section

Academic Papers

License

Copyright (c) 2026 Johnny Shaieb, John Hale

Creative Commons License

This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.