Title :
A software application to analyze the effects of temporal and environmental metrics on overall CVSS v2 score
Author :
Ali, Assad ; Zavarsky, Pavol ; Lindskog, Dale ; Ruhl, Ron
Author_Institution :
Inf. Syst. Security Manage., Concordia Univ. Coll. of Alberta, Edmonton, AB, Canada
Abstract :
The Common Vulnerability Scoring System (CVSS) is an emerging standard for scoring the impact of vulnerabilities. The CVSS base score has been widely adopted by the industry as a framework for exchanging general vulnerability information, while CVSS temporal and environmental scores, which estimate the effect of vulnerabilities within specific environments, are yet to become part of routine IT risk assessment methodologies. To mitigate the effects of vulnerabilities in an environment, a large number of combinations of environmental metric group values can be manipulated. Due to the unavailability of an efficient CVSS tool, identification of the optimum combination for reducing the score to an acceptable level is a daunting task. This paper reports on a software application developed to help to mitigate the risks and study the effects of temporal and environmental metrics on the overall CVSS v2 score. The developed software solution will be released under the Creative Commons Attribution 3.0.
Keywords :
risk management; security of data; software engineering; CVSS base score; CVSS tool; CVSS v2 score; IT risk assessment methodology; common vulnerability scoring system; creative common attribution 3.0; environmental metric group; information vulnerability; software application; temporal metrics; Calculators; Measurement; Organizations; Risk management; Security; Software; Standards organizations;
Conference_Title :
Internet Security (WorldCIS), 2011 World Congress on
Conference_Location :
London
Print_ISBN :
978-1-4244-8879-7
Electronic_ISBN :
978-0-9564263-7-6