The paper shows how IT vulnerability management across enterprise systems can be automated with the Security Content Automation Protocol (SCAP). SCAP is a set of component specifications that provide, among other things, configurable security checklists (XCCDF), standardised dictionaries of security vulnerabilities and platforms (CVE, CPE) and a vulnerability scoring method (CVSS); these can support an organisation's security analysis activities and quantitative risk assessment.
Most currently known quantitative models for vulnerability analysis do not support a comprehensive vulnerability prediction process for a selected piece of software. The article outlines a method for predicting software vulnerabilities. The proposed solution is based on probabilistic properties that reflect the external and internal factors affecting the software and determining its vulnerabilities. A possible direction for further development of the method is also described: extending it with elements representing preventive measures, which may make it possible to limit or eliminate potential software vulnerabilities.