• DocumentCode
    1753914
  • Title

    A software application to analyze the effects of temporal and environmental metrics on overall CVSS v2 score

  • Author

    Ali, Assad ; Zavarsky, Pavol ; Lindskog, Dale ; Ruhl, Ron

  • Author_Institution
    Inf. Syst. Security Manage., Concordia Univ. Coll. of Alberta, Edmonton, AB, Canada
  • fYear
    2011
  • fDate
    21-23 Feb. 2011
  • Firstpage
    109
  • Lastpage
    113
  • Abstract
    The Common Vulnerability Scoring System (CVSS) is an emerging standard for scoring the impact of vulnerabilities. The CVSS base score has been widely adopted by the industry as a framework for exchanging general vulnerability information, while CVSS temporal and environmental scores, which estimate the effect of vulnerabilities within specific environments, are yet to become part of routine IT risk assessment methodologies. To mitigate the effects of vulnerabilities in an environment, a large number of combinations of environmental metric group values can be manipulated. Due to the unavailability of an efficient CVSS tool, identification of the optimum combination for reducing the score to an acceptable level is a daunting task. This paper reports on a software application developed to help to mitigate the risks and study the effects of temporal and environmental metrics on the overall CVSS v2 score. The developed software solution will be released under the Creative Commons Attribution 3.0.
  • Keywords
    risk management; security of data; software engineering; CVSS base score; CVSS tool; CVSS v2 score; IT risk assessment methodology; common vulnerability scoring system; creative common attribution 3.0; environmental metric group; information vulnerability; software application; temporal metrics; Calculators; Measurement; Organizations; Risk management; Security; Software; Standards organizations;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Internet Security (WorldCIS), 2011 World Congress on
  • Conference_Location
    London
  • Print_ISBN
    978-1-4244-8879-7
  • Electronic_ISBN
    978-0-9564263-7-6
  • Type

    conf

  • Filename
    5749893