Title :
On prioritization of vulnerability categories based on CVSS scores
Author :
Tripathi, Anshu ; Singh, Umesh Kumar
Author_Institution :
Dept. of Inf. Technol., Mahakal Inst. of Technol., Ujjain, India
fDate :
Nov. 29 2011-Dec. 1 2011
Abstract :
In view of increasing population of vulnerabilities, quantitative evaluation of vulnerabilities is necessary for efficient mitigation. Evaluation on classified vulnerability datasets can further improve the mitigation process. Objective of this paper is to develop security metrics to prioritize vulnerability categories based on CVSS scores to step ahead in this regard. In this context, security metrics are developed to reevaluate and unify vulnerability severity scores depending on availability of patches and age of vulnerability. Proposed metrics are applied on 5177 vulnerabilities extracted from NVD published in recent one year and vulnerability categories are prioritized and ranked based on cumulative severity scores.
Keywords :
security of data; CVSS scores; quantitative evaluation; security metrics; vulnerability categories; vulnerability datasets; Access control; Authentication; Databases; Measurement; Publishing; Resource management; CVSS score; Security metric; Vulnerability; Vulnerability category;
Conference_Titel :
Computer Sciences and Convergence Information Technology (ICCIT), 2011 6th International Conference on
Conference_Location :
Seogwipo
Print_ISBN :
978-1-4577-0472-7
