Objective and automated means for security measurement are becoming essential for security management. The security level of any system can be measured in terms of the risk level posed by the vulnerabilities present in it. The process can be further improved if well-classified vulnerability datasets are used. With classified vulnerability data, multiple vulnerabilities of the same genre can be addressed simultaneously, which in turn increases the objectivity and scope of security management. In this paper, we propose an approach to measure the severity level of vulnerability categories and develop metrics to estimate the risk levels of vulnerability categories. The proposed approach re-evaluates and unifies the risk levels of the vulnerabilities present in a vulnerability category, based on vulnerability characteristics, vulnerability population, availability of patches and age of vulnerability, to estimate the risk level of the category. The developed metrics are applied to the real vulnerability data repository maintained by NVD, and risk levels are estimated for the 23 vulnerability categories under which NVD classifies vulnerability data.