SHA512 and MD5 Algorithm Vulnerability Testing Using Common Vulnerability Scoring System (CVSS)

The Common Vulnerability Scoring System (CVSS) and Its Applicability to Federal Agency Systems

A Look at the Time Delays in CVSS Vulnerability Scoring

This empirical paper examines the time delays that occur between the publication of Common Vulnerabilities and Exposures (CVEs) in the National Vulnerability Database (NVD) and the Common Vulnerability Scoring System (CVSS) information attached to published CVEs. According to the empirical results based on regularized regression analysis of over eighty thousand archived vulnerabilities, (i) the...

Evaluating CVSS Base Score Using Vulnerability Rewards Programs

CVSS Base Score and the underlying metrics have been widely used. Recently there have been attempts to validate them. Some of the researchers have questioned the CVSS metrics based on a lack of correlation with the reported exploits and attacks. In this research, we use the independent scales used by the vulnerability reward programs (VRPs) to see if they correlate with the CVSS Base Score. We ...

Analyzing Trends in Vulnerability Classes across CVSS Metrics

Rising vulnerability statistics demands multidimensional trend analysis for efficient threat mitigation. Understanding trends aids in early detection of problems and also in planning defense mechanisms. In this regard, this paper presents finegrained trend analysis on classified vulnerability data provided by NVD, across six CVSS base metrics. Such analysis of vulnerability data according to th...

Vulnerability Testing of Software System Using Fault Injection

We describe an approach for testing a software system for possible security flaws. Traditionally, security testing is done using penetration analysis and formal methods. Based on the observation that most security flaws are triggered due to a flawed interaction with the environment, we view the security testing problem as the problem of testing for the fault-tolerance properties of a software s...