2015
DOI: 10.1051/matecconf/20153116004

Using CVSS to quantitatively analyze risks to software caused by vulnerabilities

Abstract: Quantitative methods for evaluating and managing software security are becoming reliable with the ever-increasing vulnerability datasets. The Common Vulnerability Scoring System (CVSS) provides a way to quantitatively evaluate individual vulnerability. However, it cannot be applied to evaluate software risk directly and some metrics of CVSS are hard to assess. To overcome these shortcomings, this paper presents a novel method, which combines the CVSS base score with market share and software patches, …

Cited by 2 publications (2 citation statements)
References 6 publications
“…But the proposed framework is limited to a specific environment and has also increased the complexity. On similar lines, Gao et al (2015) introduced the new terms, to define absolute, relative, and security severity values as a modification in CVSS. Thus, stressing evaluating the whole system's security in place of a component's vulnerability.…”
Section: Related Work
Citation type: mentioning
confidence: 99%
“…Gao [7] suggested the use of new metrics, namely, 'absolute severity value', 'relative severity value' and 'security severity values' to enhance the calculations in the CVSS framework. This addition to CVSS enabled security administrators to evaluate the security of whole software system, instead of focusing on individual vulnerability of a component.…”
Section: Related Work
Citation type: mentioning
confidence: 99%