Title :
On the Impact of Environmental Metrics on CVSS Scores
Author_Institution :
LIUPPA, Mont-de-Marsan, France
Abstract :
CVSS is a framework which provides a method for rating the severity level of IT vulnerabilities. It takes into account not only the intrinsic characteristics of the vulnerability, but also its evolution over time and the user environment in which it is detected. A severity, or CVSS, score, is evaluated using several metrics : base / temporal / environmental. Base metrics assessments are achieved through organizations which maintain IT dictionaries ( CVE for example). These ratings can be found in public IT vulnerability databases such as NVD, OSVDB, ... This paper studies the impact of applying environmental metrics to CVSS scores stored in NVD database, focuses on the variation of CVSS score distribution and identifies specific problems in modified CVSS score formulae.
Keywords :
database management systems; security of data; software metrics; CVSS scores; IT dictionaries; IT vulnerabilities; NVD database; base metrics assessments; common vulnerability scoring system; environmental metrics; public IT vulnerability databases; Conferences; Privacy; Security; Social network services; CVSS; NVD database; severity measurement; vulnerabilities;
Conference_Titel :
Social Computing (SocialCom), 2010 IEEE Second International Conference on
Conference_Location :
Minneapolis, MN
Print_ISBN :
978-1-4244-8439-3
Electronic_ISBN :
978-0-7695-4211-9
DOI :
10.1109/SocialCom.2010.146
