DocumentCode
2777352
Title
An Analysis of CVSS v2 Environmental Scoring
Author
Ibidapo, Ayodele Oluwaseun ; Zavarsky, Pavol ; Lindskog, Dale ; Ruhl, Ron
Author_Institution
Dept. of Inf. Syst. Security Manage., Concordia Univ. Coll. of Alberta, Edmonton, AB, Canada
fYear
2011
fDate
9-11 Oct. 2011
Firstpage
1125
Lastpage
1130
Abstract
This paper analyses the effect of the environmental metrics on the CVSS v2, and it shows that the environmental metrics impact the CVSS base score values in more ways than can be gleaned from the CVSS calculator provided by the NVD. This paper also unveils unexpected anomalies of "negative" calculated results of the Overall CVSS score when the base score is subjected to the environmental metrics. It also reveals that base scores of equal values do not necessarily remain equal when subjected to the environmental metrics. The presented results are based on a theoretical analysis of tthe formulas used in the CVSS v2 calculations. An approach to calculating the Overall CVSS score that eliminates the occurrence of "negative" values, and keeps the values within the range (0.0 -- 10.0) as defined in the guide for scoring vulnerabilities in the CVSS v2 is also suggested in this paper.
Keywords
security of data; CVSS v2 environmental scoring; environmental metrics; overall CVSS score; risk management; Availability; Calculators; Equations; Mathematical model; Measurement; Organizations; Security; CVSSv2; Overall CVSS score; base score; environmental metrics; risk management;
fLanguage
English
Publisher
ieee
Conference_Titel
Privacy, Security, Risk and Trust (PASSAT) and 2011 IEEE Third Inernational Conference on Social Computing (SocialCom), 2011 IEEE Third International Conference on
Conference_Location
Boston, MA
Print_ISBN
978-1-4577-1931-8
Type
conf
DOI
10.1109/PASSAT/SocialCom.2011.121
Filename
6113268
Link To Document