2006
DOI: 10.1109/msp.2006.145
|View full text |Cite
|
Sign up to set email alerts
|

Common Vulnerability Scoring System

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

3
229
0
2

Year Published

2007
2007
2024
2024

Publication Types

Select...
3
2
2

Relationship

0
7

Authors

Journals

citations
Cited by 443 publications
(234 citation statements)
references
References 0 publications
3
229
0
2
Order By: Relevance
“…This value thus only depends on each individual vulnerability, which is similar to many existing metrics, such as the CVSS [13]. On the other hand, we can clearly see the limitation of such metrics in assessing the impact, damage, or relevance of vulnerabilities, because such factors are rather determined by the combination of exploits.…”
Section: Definition 1 An Attack Graph G Is a Directed Graph G(e ∪ Csupporting
confidence: 58%
See 3 more Smart Citations
“…This value thus only depends on each individual vulnerability, which is similar to many existing metrics, such as the CVSS [13]. On the other hand, we can clearly see the limitation of such metrics in assessing the impact, damage, or relevance of vulnerabilities, because such factors are rather determined by the combination of exploits.…”
Section: Definition 1 An Attack Graph G Is a Directed Graph G(e ∪ Csupporting
confidence: 58%
“…In Figure 1, we have assigned the individual scores (probabilities shown inside the ovals) based on simple facts, such as a buffer overflow attack requires more skills than executing a remote shell command. In practice, individual scores can be obtained by converting vulnerability scores provided by existing standards, such as the CVSS base score and temporal score [13], to probabilities.…”
Section: The Basic Definitionmentioning
confidence: 99%
See 2 more Smart Citations
“…The importance of exploitability is reflected by its inclusion in all the well-known vulnerability scoring systems. For instance, the Common Vulnerabilities Scoring System (CVSS) [1] computes exploitability as a linear combination of qualitative values. The Computer Emergency Response Team/Coordination Center (CERT/CC) [2] produces a numeric vulnerability score based on a series of questions-one of which is, "How easy is it [the vulnerability] to exploit?"…”
Section: Introductionmentioning
confidence: 99%