• DocumentCode
    2614077
  • Title

    Vulnerability Discrimination Using CVSS Framework

  • Author

    Gallon, Laurent

  • Author_Institution
    LIUPPA, Univ. of Pau, Mont-de-Marsan, France
  • fYear
    2011
  • fDate
    7-10 Feb. 2011
  • Firstpage
    1
  • Lastpage
    6
  • Abstract
    In this paper, we study the potentiality of discrimination between vulnerabilities given by CVSS framework. CVSSis an op en framework which assess the intrinsic characteristics of vulnerabilities and gives a severity score for each one. We study the distribution of CVSS metrics (in particular base metrics)in the NVD database. We then focus on the environmental part of CVSS framework, which allows the security level of the user environment to be taken into account. We point out some deficiencies which could be minus points for administrators who want to use this tool in order to discriminate between vulnerabilities, as well as prioritizing those which are the most threatening for their organizations.
  • Keywords
    database management systems; open systems; security of data; CVSS framework; NVD database; common vulnerability scoring system; national vulnerability database; network administrator; open framework; vulnerability discrimination; Artificial intelligence; Artificial neural networks; Databases; Gold; Measurement; Organizations; Security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    New Technologies, Mobility and Security (NTMS), 2011 4th IFIP International Conference on
  • Conference_Location
    Paris
  • ISSN
    2157-4952
  • Print_ISBN
    978-1-4244-8705-9
  • Electronic_ISBN
    2157-4952
  • Type

    conf

  • DOI
    10.1109/NTMS.2011.5720656
  • Filename
    5720656
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2614077