Information security models and metrics
Proceedings of the 43rd annual Southeast regional conference - Volume 2
Ontology-based security assessment for software products
Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
OVM: an ontology for vulnerability management
Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
Security metrics for software systems
Proceedings of the 47th Annual Southeast Regional Conference
It is widely recognized that metrics are important to information security. Metrics can be an effective tool for companies and information security professionals to measure, control, and improve their security controls and mechanisms. However, common security metrics are often qualitative, subjective, and informal in the sense that they lack formal models and automated support. This paper discusses our work on temporal metrics for software vulnerabilities based on the Common Vulnerability Scoring System 2.0. A mathematical model is provided to calculate the severity and risk of a vulnerability, which is time dependent and includes the exploitability, remediation level, and report confidence attributes of an information asset in a computing environment. A prototype of an automated tool, CVSSWizzard, is illustrated with examples.