On prioritization of vulnerability categories based on CVSS scores

Author

Tripathi, Anshu ; Singh, Umesh Kumar

Author_Institution

Dept. of Inf. Technol., Mahakal Inst. of Technol., Ujjain, India

fYear

2011

fDate

Nov. 29 2011-Dec. 1 2011

Firstpage

692

Lastpage

697

Abstract

In view of increasing population of vulnerabilities, quantitative evaluation of vulnerabilities is necessary for efficient mitigation. Evaluation on classified vulnerability datasets can further improve the mitigation process. Objective of this paper is to develop security metrics to prioritize vulnerability categories based on CVSS scores to step ahead in this regard. In this context, security metrics are developed to reevaluate and unify vulnerability severity scores depending on availability of patches and age of vulnerability. Proposed metrics are applied on 5177 vulnerabilities extracted from NVD published in recent one year and vulnerability categories are prioritized and ranked based on cumulative severity scores.

Keywords

security of data; CVSS scores; quantitative evaluation; security metrics; vulnerability categories; vulnerability datasets; Access control; Authentication; Databases; Measurement; Publishing; Resource management; CVSS score; Security metric; Vulnerability; Vulnerability category;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Sciences and Convergence Information Technology (ICCIT), 2011 6th International Conference on

Conference_Location

Seogwipo

Print_ISBN

978-1-4577-0472-7

Type

conf

Filename

6316705