• DocumentCode
    2410612
  • Title

    On the Impact of Environmental Metrics on CVSS Scores

  • Author

    Gallon, Laurent

  • Author_Institution
    LIUPPA, Mont-de-Marsan, France
  • fYear
    2010
  • fDate
    20-22 Aug. 2010
  • Firstpage
    987
  • Lastpage
    992
  • Abstract
    CVSS is a framework which provides a method for rating the severity level of IT vulnerabilities. It takes into account not only the intrinsic characteristics of the vulnerability, but also its evolution over time and the user environment in which it is detected. A severity, or CVSS, score is evaluated using several metrics: base, temporal and environmental. Base metrics assessments are achieved through organizations which maintain IT dictionaries (CVE, for example). These ratings can be found in public IT vulnerability databases such as NVD, OSVDB, ... This paper studies the impact of applying environmental metrics to CVSS scores stored in the NVD database, focuses on the variation of CVSS score distribution and identifies specific problems in modified CVSS score formulae.
  • Keywords
    database management systems; security of data; software metrics; CVSS scores; IT dictionaries; IT vulnerabilities; NVD database; base metrics assessments; common vulnerability scoring system; environmental metrics; public IT vulnerability databases; Conferences; Privacy; Security; Social network services; CVSS; NVD database; severity measurement; vulnerabilities;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Social Computing (SocialCom), 2010 IEEE Second International Conference on
  • Conference_Location
    Minneapolis, MN
  • Print_ISBN
    978-1-4244-8439-3
  • Electronic_ISBN
    978-0-7695-4211-9
  • Type

    conf

  • DOI
    10.1109/SocialCom.2010.146
  • Filename
    5591391