The Oxford Academy’s Journal of Cybersecurity published a journal article titled “Improving vulnerability remediation through better exploit prediction.” This article explores ways the cyber community targets exploits by predicting malicious behavior before it happens. As the information security world is still developing, many ways to combat vulnerabilities still need to be proven and/or discovered. So far, cybersecurity firms have prioritized “remediation using crude heuristics and limited data,” meaning they are still trying to understand attacks from the past instead of securing the future. Discovering vulnerabilities in a timely and proactive manner can help firms be cost-efficient, secure, and less likely to be at risk.

The study of how to prevent vulnerabilities includes an understanding of the social sciences because the correlation between cyber crimes and human behaviors is linear. The three main social sciences reflected in the journal article are sociology, criminology, and history. Sociology is the study of human behavior, which can help cyber professionals create better remediation techniques based on how humans might behave in the cyber sphere. By understanding sociology, scholars can understand how many people behave online and where vulnerabilities lie due to human error, in order to combat them. Through criminology, scholars can understand how cybercriminals may choose to attack; by studying cybercriminal behaviors, expecting attacks may become simple for firms. History teaches cyber professionals how criminals have behaved in the past and helps prevent those same attacks in the future.

The journal article relates to lessons taught in class about the scientific method and to theories we have discussed in class. The scientific method is the process of testing to reach a definitive conclusion. This article teaches its audience about the Common Vulnerability Scoring System (CVSS) and how it is the standard for “measuring the severity of a vulnerability.” The article also shows a bar graph that visually represents the grading system of the CVSS. The way the CVSS tests for vulnerabilities is similar to the scientific method because it is based on testing and reaching a conclusion. The CVSS is the current international standard of testing for exploits and vulnerabilities, and it is the main system of testing that the journal article analyzes. Furthermore, the article also talks about how published exploits can help discover future vulnerabilities, and the article claims that exploits in the wild are the preferred outcome measure. So, to remediate systems, professionals must study both types of exploits. In class, we have discussed many theories pertaining to why vulnerabilities happen and the causes of cybercrime. These systems test vulnerabilities based on those theories of cyber and human behaviors, including cognitive theories and behavioral theories. Cognitive theories focus on how individuals think and process information, and the CVSS considers those lines of data when searching for exploits. Behavioral theories focus on negative cyber behaviors and why they happen; the system can also use that as a guideline to have a reasonable response to certain exploits.

The article did not relate its study to marginalized groups, as it mainly focuses on how to improve cybersecurity as a whole. However, many groups who may not realize how fragile their information can be may be at risk, including those who are not educated in cybersecurity, the elderly, or minority communities who may not have access to the resources to protect themselves from cyber vulnerabilities. The overall contribution of the study to society is the knowledge that cyber professionals are actively attempting to create more secure systems through tests and studies. The new ways of adapting to and remediating future vulnerabilities, and the solutions reviewed in the journal article, can help the data we all share be safer.

Resources
Jay Jacobs, Sasha Romanosky, Idris Adjerid, Wade Baker, Improving vulnerability remediation through better exploit prediction, Journal of Cybersecurity, Volume 6, Issue 1, 2020, tyaa015, https://doi.org/10.1093/cybsec/tyaa015