Title :
Towards standardization of vulnerability taxonomy
Author :
Tripathi, Anshu ; Singh, Umesh Kumar
Author_Institution :
Dept. of Inf. Technol., Mahakal Inst. of Technol., Ujjain, India
Abstract :
One of the major problems in information system security assessment is the lack of a standard vulnerability categorization scheme or taxonomy. Various analyses have indicated that the majority of software vulnerabilities tend to be focused in a few areas and associated with a small set of services. An effective vulnerability taxonomy that can relate vulnerability causes, effects and countermeasures can aid in security assessment. Researchers and security analysts also widely recognize the need for a standard vulnerability taxonomy for security assessment and measurement of software tools, services and systems. In view of the rising need for such a standard taxonomy of vulnerabilities, prominent efforts in this direction are critically reviewed. The status of efforts towards categorization of the CVE dictionary is also examined. This paper aims to help researchers develop a standard vulnerability taxonomy by highlighting common pitfalls associated with previous efforts and providing guidelines for future work.
Keywords :
information systems; security of data; software tools; CVE dictionary; information system security assessment; software tools; software vulnerabilities; vulnerability taxonomy standardization; Security; Taxonomy; Welding; Security Assessment; Taxonomy; Vulnerability; Vulnerability Classification;
Conference_Title :
Computer Technology and Development (ICCTD), 2010 2nd International Conference on
Conference_Location :
Cairo
Print_ISBN :
978-1-4244-8844-5
Electronic_ISBN :
978-1-4244-8845-2
DOI :
10.1109/ICCTD.2010.5645826