CVSS: Ubiquitous and Broken
نویسندگان
چکیده
The Common Vulnerability Scoring System is at the core of vulnerability management for systems private corporations to highly classified government networks, allowing organizations prioritize remediation in descending order risk. With a lack justification its underlying formula, inconsistencies specification document, and no correlation exploited vulnerabilities wild, it unable provide meaningful metric describing vulnerability’s severity, let alone As stands, this standard compromises security America’s most sensitive information systems.
منابع مشابه
Broken heart: Broken mind.
The increased frequency of sudden cardiac death after earthquakes and bombings has long proposed that emotional distress plays a role in acute coronary syndromes and arrhythmias. Since the 1960s, several controlled, prospective, epidemiological studies have reported emotional distress as a major risk factor for the onset and worsening of coronary heart disease (CHD) [1]. The Interheart study, a...
متن کاملA Look at the Time Delays in CVSS Vulnerability Scoring
This empirical paper examines the time delays that occur between the publication of Common Vulnerabilities and Exposures (CVEs) in the National Vulnerability Database (NVD) and the Common Vulnerability Scoring System (CVSS) information attached to published CVEs. According to the empirical results based on regularized regression analysis of over eighty thousand archived vulnerabilities, (i) the...
متن کاملAnalyzing Trends in Vulnerability Classes across CVSS Metrics
Rising vulnerability statistics demands multidimensional trend analysis for efficient threat mitigation. Understanding trends aids in early detection of problems and also in planning defense mechanisms. In this regard, this paper presents finegrained trend analysis on classified vulnerability data provided by NVD, across six CVSS base metrics. Such analysis of vulnerability data according to th...
متن کاملEstimating the Assessment Difficulty of CVSS Environmental Metrics: An Experiment
[Context] The CVSS framework provides several dimensions to score vulnerabilities. The environmental metrics allow security analysts to downgrade or upgrade vulnerability scores based on a company’s computing environments and security requirements. [Question] How difficult is for a human assessor to change the CVSS environmental score due to changes in security requirements (let alone technical...
متن کاملEvaluating CVSS Base Score Using Vulnerability Rewards Programs
CVSS Base Score and the underlying metrics have been widely used. Recently there have been attempts to validate them. Some of the researchers have questioned the CVSS metrics based on a lack of correlation with the reported exploits and attacks. In this research, we use the independent scales used by the vulnerability reward programs (VRPs) to see if they correlate with the CVSS Base Score. We ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Digital threats
سال: 2022
ISSN: ['2692-1626', '2576-5337']
DOI: https://doi.org/10.1145/3491263