Common Vulnerability Scoring System

Authors:
Peter Mell;Karen Scarfone;Sasha Romanosky
Affiliations:
US National Institute of Standards and Technology;US National Institute of Standards and Technology;Carnegie Mellon University
Venue:
IEEE Security and Privacy
Year:
2006

Citing 0
Cited 17

An Attack Graph-Based Probabilistic Security Metric

Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
k-zero day safety: measuring the security risk of networks against unknown attacks

ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Fuzzy classification metrics for scanner assessment and vulnerability reporting

IEEE Transactions on Information Forensics and Security
Evidential structures and metrics for network forensics

International Journal of Internet Technology and Secured Transactions
VRSS: A new system for rating and scoring vulnerabilities

Computer Communications
EVMAT: an OVAL and NVD based enterprise vulnerability modeling and assessment tool

Proceedings of the 49th Annual Southeast Regional Conference
An ACO based approach for detection of an optimal attack path in a dynamic environment

ICDCN'10 Proceedings of the 11th international conference on Distributed computing and networking
The use of application scanners in software product quality assessment

Proceedings of the 8th international workshop on Software quality
A multi-layer tree model for enterprise vulnerability management

Proceedings of the 2011 conference on Information technology education
Cybersecurity risk testing of substation phasor measurement units and phasor data concentrators

Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research
Are markets for vulnerabilities effective?

MIS Quarterly
Improving VRSS-based vulnerability prioritization using analytic hierarchy process

Journal of Systems and Software
Quantitatively assessing the vulnerability of critical information systems: A new method for evaluating security enhancements

International Journal of Information Management: The Journal for Information Professionals
Towards quantitative risk management for next generation networks

Telecommunication Economics
A move in the security measurement stalemate: elo-style ratings to quantify vulnerability

Proceedings of the 2012 workshop on New security paradigms
Patch Release Behaviors of Software Vendors in Response to Vulnerabilities: An Empirical Analysis

Journal of Management Information Systems
A novel approach to evaluate software vulnerability prioritization

Journal of Systems and Software

Quantified Score

Hi-index	0.00

Visualization

Abstract

Vendors have historically used proprietary methods for scoring software vulnerabilities, usually without detailing their criteria or processes. The Common Vulnerability Scoring System (CVSS) is a public initiative designed to address this issue by presenting a framework for consistently and accurately assessing and quantifying software vulnerabilities' impact on organizations.