Analyzing Trends in Vulnerability Classes across CVSS Metrics
نویسندگان
چکیده
Rising vulnerability statistics demands multidimensional trend analysis for efficient threat mitigation. Understanding trends aids in early detection of problems and also in planning defense mechanisms. In this regard, this paper presents finegrained trend analysis on classified vulnerability data provided by NVD, across six CVSS base metrics. Such analysis of vulnerability data according to their type, CIA impact, access vector and access complexity helpful in identifying most critical class of vulnerability relative to system environment and improve risk mitigation process.
منابع مشابه
Quantitative Security Risk Evaluation using CVSS Metrics by Estimation of Frequency and Maturity of Exploit
The evaluation of network risk is a vital task. It is an essential step in securing any network. This evaluation can help security professionals in making optimal decisions about how to design security countermeasures in order to improve security. This paper proposes a risk estimation model that uses vulnerability database National Institute of Standards and Technology (NIST) National Vulnerabi...
متن کاملOn Computing Enterprise IT Risk Metrics
External Posting Date: February 21, 2011 [Fulltext] Approved for External Publication Internal Posting Date: February 21, 2011 [Fulltext] On Computing Enterprise IT Risk Metrics Sandeep Bhatt, William Horne, Prasad Rao HP Laboratories HPL-2011-26 Assessing the vulnerability of large heterogeneous systems is crucial to IT operational decisions such as prioritizing the deployment of security pa...
متن کاملEstimating the Assessment Difficulty of CVSS Environmental Metrics: An Experiment
[Context] The CVSS framework provides several dimensions to score vulnerabilities. The environmental metrics allow security analysts to downgrade or upgrade vulnerability scores based on a company’s computing environments and security requirements. [Question] How difficult is for a human assessor to change the CVSS environmental score due to changes in security requirements (let alone technical...
متن کاملEvaluating CVSS Base Score Using Vulnerability Rewards Programs
CVSS Base Score and the underlying metrics have been widely used. Recently there have been attempts to validate them. Some of the researchers have questioned the CVSS metrics based on a lack of correlation with the reported exploits and attacks. In this research, we use the independent scales used by the vulnerability reward programs (VRPs) to see if they correlate with the CVSS Base Score. We ...
متن کاملA Framework for Software Security Risk Evaluation using the Vulnerability Lifecycle and CVSS Metrics
A vulnerability that has been discovered but is unpatched represents a security risk to a system. During the lifetime of a software system, new vulnerabilities are discovered over time. There are two opposing actors, the patch developers and the potential exploiters. An exploit can happen immediately after a disclosure, perhaps even before the disclosure if the discovery is made by a black-hat ...
متن کامل