Improving CVSS-based vulnerability prioritization and response with context information
ESEM '09 Proceedings of the 2009 3rd International Symposium on Empirical Software Engineering and Measurement
Hi-index | 0.00 |
New security vulnerabilities are discovered on a daily basis. With each new announcement, the same questions arise. How significant is this vulnerability? How prevalent? How easy is it to exploit? Due to a lack of global vulnerability data, answers are hard to find and risk rating is even more difficult. The Laws of Vulnerabilities are the conclusions of analyzing statistical vulnerability information over a three-year period. Those vulnerabilities have been identified in the real world across hundreds of thousands of systems and networks. These data are not identifiable to individual users or systems. However, it provides significant statistical data for research and analysis, which enabled us to define and publish the Laws of Vulnerabilities (http://www.qualys.com/research/rnd/vulnlaws/).