Improving the Common Vulnerability Scoring System

IET Information Security


The Common Vulnerability Scoring System is an emerging standard for scoring the impact of vulnerabilities. The results of an analysis of the scoring system and of an experiment scoring a large set of vulnerabilities using the standard are presented. Although the scoring system was found to be useful, it contains a variety of deficiencies that limit its ability to measure the impact of vulnerabilities. The study demonstrates how these deficiencies could be addressed in subsequent versions of the standard and how these changes are backwards-compatible with the existing scoring efforts. In conclusion, a recommendation for a revised scoring system and an analysis of experiments that demonstrate how the revision would address deficiencies discovered in the existing version of the standard are presented.

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs_20060055