Common Vulnerability Scoring System
IEEE Security and Privacy
PCChecker: Harding Windows Security Configurations
ICCIT '08 Proceedings of the 2008 Third International Conference on Convergence and Hybrid Information Technology - Volume 02
A Study and Implementation of Vulnerability Assessment and Misconfiguration Detection
APSCC '08 Proceedings of the 2008 IEEE Asia-Pacific Services Computing Conference
Improving VRSS-based vulnerability prioritization using analytic hierarchy process
Journal of Systems and Software
WIVSS: a new methodology for scoring information systems vulnerabilities
Proceedings of the 17th Panhellenic Conference on Informatics
A novel approach to evaluate software vulnerability prioritization
Journal of Systems and Software
| Hi-index | 0.24 |
Vulnerabilities are extremely important for network security. IT management must identify and assess vulnerabilities across many disparate hardware and software platforms to prioritize these vulnerabilities and remediate those that pose the greatest risk. The focus of our research is the comparative analysis of existing vulnerability rating systems, so as to discover their respective advantages and propose a compatible rating framework to unify them. We do the statistic work on vulnerabilities of three famous vulnerability databases (IBM ISS X-Force, Vupen Security and National Vulnerability database) and analyze the distribution of vulnerabilities to expose the differences among different vulnerability rating systems. The statistical results show that the distributions of vulnerabilities are not much consistent with the normal distribution. Taking into account all kinds of existing vulnerability rating systems, we propose VRSS for qualitative rating and quantitative scoring vulnerabilities, which can combine respective advantages of all kinds of vulnerability rating systems. An experimental study of 33,654 vulnerabilities demonstrates that VRSS works well.