CVSS is a specification for measuring the relative severity of software vulnerabilities. The performance values of the CVSS given by CVSS-SIG cannot describe the reasons for the software vulnerabilities. This approach fails to distinguish between software vulnerabilities that have the same score but different levels of severity. In this paper, a software vulnerability rating approach (SVRA) is proposed. The vulnerability database is used by SVRA to analyze the frequencies of CVSS’s metrics at different times. Then, the equations for both exploitability and impact subscores are given in terms of these frequencies. SVRA performs a weighted average of these two subscores to create an SVRA score. The score of a vulnerability is dynamically calculated at different times using the vulnerability database. Experiments were performed to validate the efficiency of the SVRA.
A Software Vulnerability Rating Approach Based on the Vulnerability Database
Jian Luo,Kueiming Lo,Haoran Qu
Published 2014 in Journal of Applied Mathematics
ABSTRACT
PUBLICATION RECORD
- Publication year
2014
- Venue
Journal of Applied Mathematics
- Publication date
2014-05-29
- Fields of study
Computer Science
- Identifiers
- External record
- Source metadata
Semantic Scholar
CITATION MAP
EXTRACTION MAP
CLAIMS
- No claims are published for this paper.
CONCEPTS
- No concepts are published for this paper.
REFERENCES
Showing 1-7 of 7 references · Page 1 of 1
CITED BY
Showing 1-10 of 10 citing papers · Page 1 of 1