Skip to main content
SpringerLink
Log in

A revised CVSS-based system to improve the dispersion of vulnerability risk scores

  • Letter
  • Published:
Science China Information Sciences Aims and scope Submit manuscript

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

References

  1. Shlens J. A tutorial on principal component analysis. 2014. ArXiv:1404.1100

    Google Scholar 

  2. Mell P, Scarfone K. Improving the common vulnerability scoring system. IET Inf Secur, 2007, 1: 119–127

    Article  Google Scholar 

  3. Holm H, Afridi K K. An expert-based investigation of the common vulnerability scoring system. Comput Secur, 2015, 53: 18–30

    Article  Google Scholar 

  4. Fruhwirth C, Mannisto T. Improving CVSS-based vulnerability prioritization and response with context information. In: Proceedings of the 3rd International Symposium on Empirical Software Engineering and Measurement, Lake Buena Vista, 2009. 535–544

    Google Scholar 

  5. Ghani H, Luna J, Suri N. Quantitative assessment of software vulnerabilities based on economic-driven security metrics. In: Proceedings of International Conference on Risks and Security of Internet and Systems, La Rochelle, 2013

    Google Scholar 

  6. Keramati M, Keramati M. Novel security metrics for ranking vulnerabilities in computer networks. In: Proceedings of the 7th International Symposium on Telecommunications, Tehran, 2015. 883–888

    Google Scholar 

  7. Liu Q X, Zhang Y Q, Kong Y, et al. Improving VRSSbased vulnerability prioritization using analytic hierarchy process. J Syst Softw, 2012, 85: 1699–1708

    Article  Google Scholar 

  8. Keramati M. New vulnerability scoring system for dynamic security evaluation. In: Proceedings of the 8th International Symposium on Telecommunications, Tehran, 2017. 746–751

    Google Scholar 

Download references

Acknowledgements

This work was supported by National Key R&D Program of China (Grant No. 2016YFB0800700), National Natural Science Foundation of China (Grant Nos. 61572460, 61272481), Open Project Program of State Key Laboratory of Information Security (Grant No. 2017-ZD-01), National Information Security Special Projects of National Development and Reform Commission of China (Grant No. (2012)1424), and Programme of Introducing Talents of Discipline to Universities (111 Project) (Grant No. B16037).

Author information

Authors and Affiliations

  1. National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing, 101408, China

    Chensi Wu & Yuqing Zhang

  2. China Academy of Electronics and Information Technology, Beijing, 100041, China

    Tao Wen

  3. State Key Laboratory of Integrated Services Networks, Xidian University, Xi’an, 710071, China

    Yuqing Zhang

Authors
  1. Chensi Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Tao Wen
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yuqing Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yuqing Zhang.

Electronic supplementary material

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Wu, C., Wen, T. & Zhang, Y. A revised CVSS-based system to improve the dispersion of vulnerability risk scores. Sci. China Inf. Sci. 62, 39102 (2019). https://doi.org/10.1007/s11432-017-9445-4

Download citation

  • Received:

  • Revised:

  • Published:

  • DOI: https://doi.org/10.1007/s11432-017-9445-4

Search

Navigation