A Software Vulnerability Rating Approach Based on the Vulnerability Database
Main Authors: | , , |
---|---|
Format: | Article |
Language: | English |
Published: | Hindawi Limited 2014-01-01 |
Series: | Journal of Applied Mathematics |
Online Access: | http://dx.doi.org/10.1155/2014/932397 |
Summary: | CVSS is a specification for measuring the relative severity of software vulnerabilities. The performance values of the CVSS given by CVSS-SIG cannot describe the reasons for the software vulnerabilities. This approach fails to distinguish between software vulnerabilities that have the same score but different levels of severity. In this paper, a software vulnerability rating approach (SVRA) is proposed. The vulnerability database is used by SVRA to analyze the frequencies of CVSS’s metrics at different times. Then, the equations for both exploitability and impact subscores are given in terms of these frequencies. SVRA performs a weighted average of these two subscores to create an SVRA score. The score of a vulnerability is dynamically calculated at different times using the vulnerability database. Experiments were performed to validate the efficiency of the SVRA. |
ISSN: | 1110-757X 1687-0042 |