• DocumentCode
    2777352
  • Title

    An Analysis of CVSS v2 Environmental Scoring

  • Author

    Ibidapo, Ayodele Oluwaseun ; Zavarsky, Pavol ; Lindskog, Dale ; Ruhl, Ron

  • Author_Institution
    Dept. of Inf. Syst. Security Manage., Concordia Univ. Coll. of Alberta, Edmonton, AB, Canada
  • fYear
    2011
  • fDate
    9-11 Oct. 2011
  • Firstpage
    1125
  • Lastpage
    1130
  • Abstract
    This paper analyses the effect of the environmental metrics on the CVSS v2, and it shows that the environmental metrics impact the CVSS base score values in more ways than can be gleaned from the CVSS calculator provided by the NVD. This paper also unveils unexpected anomalies of "negative" calculated results of the Overall CVSS score when the base score is subjected to the environmental metrics. It also reveals that base scores of equal values do not necessarily remain equal when subjected to the environmental metrics. The presented results are based on a theoretical analysis of the formulas used in the CVSS v2 calculations. An approach to calculating the Overall CVSS score that eliminates the occurrence of "negative" values, and keeps the values within the range (0.0 -- 10.0) as defined in the guide for scoring vulnerabilities in the CVSS v2 is also suggested in this paper.
  • Keywords
    security of data; CVSS v2 environmental scoring; environmental metrics; overall CVSS score; risk management; Availability; Calculators; Equations; Mathematical model; Measurement; Organizations; Security; CVSSv2; Overall CVSS score; base score; environmental metrics; risk management;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Privacy, Security, Risk and Trust (PASSAT) and 2011 IEEE Third International Conference on Social Computing (SocialCom), 2011 IEEE Third International Conference on
  • Conference_Location
    Boston, MA
  • Print_ISBN
    978-1-4577-1931-8
  • Type

    conf

  • DOI
    10.1109/PASSAT/SocialCom.2011.121
  • Filename
    6113268