Title :
Vulnerability Discrimination Using CVSS Framework
Author_Institution :
LIUPPA, Univ. of Pau, Mont-de-Marsan, France
Abstract :
In this paper, we study the potentiality of discrimination between vulnerabilities given by CVSS framework. CVSSis an op en framework which assess the intrinsic characteristics of vulnerabilities and gives a severity score for each one. We study the distribution of CVSS metrics (in particular base metrics)in the NVD database. We then focus on the environmental part of CVSS framework, which allows the security level of the user environment to be taken into account. We point out some deficiencies which could be minus points for administrators who want to use this tool in order to discriminate between vulnerabilities, as well as prioritizing those which are the most threatening for their organizations.
Keywords :
database management systems; open systems; security of data; CVSS framework; NVD database; common vulnerability scoring system; national vulnerability database; network administrator; open framework; vulnerability discrimination; Artificial intelligence; Artificial neural networks; Databases; Gold; Measurement; Organizations; Security;
Conference_Titel :
New Technologies, Mobility and Security (NTMS), 2011 4th IFIP International Conference on
Conference_Location :
Paris
Print_ISBN :
978-1-4244-8705-9
Electronic_ISBN :
2157-4952
DOI :
10.1109/NTMS.2011.5720656
