Title :
An Analysis of CVSS v2 Environmental Scoring
Author :
Ibidapo, Ayodele Oluwaseun ; Zavarsky, Pavol ; Lindskog, Dale ; Ruhl, Ron
Author_Institution :
Dept. of Inf. Syst. Security Manage., Concordia Univ. Coll. of Alberta, Edmonton, AB, Canada
Abstract :
This paper analyses the effect of the environmental metrics on the CVSS v2, and it shows that the environmental metrics impact the CVSS base score values in more ways than can be gleaned from the CVSS calculator provided by the NVD. This paper also unveils unexpected anomalies of "negative" calculated results of the Overall CVSS score when the base score is subjected to the environmental metrics. It also reveals that base scores of equal values do not necessarily remain equal when subjected to the environmental metrics. The presented results are based on a theoretical analysis of the formulas used in the CVSS v2 calculations. An approach to calculating the Overall CVSS score that eliminates the occurrence of "negative" values, and keeps the values within the range (0.0 -- 10.0) as defined in the guide for scoring vulnerabilities in the CVSS v2 is also suggested in this paper.
Keywords :
security of data; CVSS v2 environmental scoring; environmental metrics; overall CVSS score; risk management; Availability; Calculators; Equations; Mathematical model; Measurement; Organizations; Security; CVSSv2; Overall CVSS score; base score; environmental metrics; risk management;
Conference_Title :
Privacy, Security, Risk and Trust (PASSAT) and 2011 IEEE Third International Conference on Social Computing (SocialCom), 2011 IEEE Third International Conference on
Conference_Location :
Boston, MA
Print_ISBN :
978-1-4577-1931-8
DOI :
10.1109/PASSAT/SocialCom.2011.121