DocumentCode :
900437
Title :
Common Vulnerability Scoring System
Author :
Mell, Peter ; Scarfone, Karen ; Romanosky, Sasha
Author_Institution :
Comput. Security Div., US Nat. Inst. of Stand. & Technol., Gaithersburg, MD
Volume :
4
Issue :
6
fYear :
2006
Firstpage :
85
Lastpage :
89
Abstract :
Historically, vendors have used their own methods for scoring software vulnerabilities, usually without detailing their criteria or processes. This creates a major problem for users, particularly those who manage disparate IT systems and applications. The Common Vulnerability Scoring System (CVSS) is a public initiative designed to address this issue by presenting a framework for assessing and quantifying the impact of software vulnerabilities. Organizations currently generating CVSS scores include Cisco, US National Institute of Standards and Technology (through the US National Vulnerability Database; NVD), Qualys, Oracle, and Tenable Network Security. CVSS offers the following benefits: 1) standardized vulnerability scores, 2) contextual scoring, and 3) open framework. The goal is for CVSS to facilitate the generation of consistent scores that accurately represent the impact of vulnerabilities.
Keywords :
DP industry; security of data; software maintenance; software management; software reliability; IT systems; common vulnerability scoring system; consistent scores; contextual scoring; open framework; software vulnerability; standardized vulnerability scores; Application software; Authentication; Computer security; Cryptography; Dictionaries; Operating systems; Privacy; Standards publication; Uniform resource locators; CVE; Common Vulnerabilities and Exposures; NVD; National Vulnerability Database; vulnerability assessment;
fLanguage :
English
Journal_Title :
Security & Privacy, IEEE
Publisher :
ieee
ISSN :
1540-7993
Type :
jour
DOI :
10.1109/MSP.2006.145
Filename :
4042667