A framework for designing vulnerability metrics
Vulnerability analysis has long been used to evaluate the security posture of a system.
Different approaches, including vulnerability graphs and various vulnerability metrics, have …
Different approaches, including vulnerability graphs and various vulnerability metrics, have …
Impact metrics of security vulnerabilities: Analysis and weighing
The number of vulnerabilities discovered and reported during the recent decades is
enormous, making an improved ranking and prioritization of vulnerabilities' severity a major …
enormous, making an improved ranking and prioritization of vulnerabilities' severity a major …
Improving the common vulnerability scoring system
P Mell, K Scarfone - IET Information Security, 2007 - IET
The Common Vulnerability Scoring System is an emerging standard for scoring the impact of
vulnerabilities. The results of an analysis of the scoring system and that of an experiment …
vulnerabilities. The results of an analysis of the scoring system and that of an experiment …
An expert-based investigation of the common vulnerability scoring system
H Holm, KK Afridi - Computers & Security, 2015 - Elsevier
Abstract The Common Vulnerability Scoring System (CVSS) is the most widely used
standard for quantifying the severity of security vulnerabilities. For instance, all …
standard for quantifying the severity of security vulnerabilities. For instance, all …
Empirical analysis of system-level vulnerability metrics through actual attacks
The Common Vulnerability Scoring System (CVSS) is a widely used and well-established
standard for classifying the severity of security vulnerabilities. For instance, all vulnerabilities …
standard for classifying the severity of security vulnerabilities. For instance, all vulnerabilities …
The Holy Grail of Vulnerability Predictions
F Massacci - IEEE Security & Privacy, 2024 - ieeexplore.ieee.org
The Holy Grail of Vulnerability Predictions Page 1 4 January/February 2024 Copublished by
the IEEE Computer and Reliability Societies 1540-7993/24©2024IEEE FROM THE EDITORS …
the IEEE Computer and Reliability Societies 1540-7993/24©2024IEEE FROM THE EDITORS …
Methodologies to develop quantitative risk evaluation metrics
The goal of this work is to advance a new methodology to measure a severity cost for each
host using the Common Vulnerability Scoring System (CVSS) based on base, temporal and …
host using the Common Vulnerability Scoring System (CVSS) based on base, temporal and …
An empirical study of vulnerability discovery methods over the past ten years
L Cui, J Cui, Z Hao, L Li, Z Ding, Y Liu - Computers & Security, 2022 - Elsevier
In recent years, hundreds of vulnerability discovery methods have been proposed and
proven to be effective (ie, Is Effective) by discovering thousands of vulnerabilities in real …
proven to be effective (ie, Is Effective) by discovering thousands of vulnerabilities in real …
VRSS: A new system for rating and scoring vulnerabilities
Q Liu, Y Zhang - Computer Communications, 2011 - Elsevier
Vulnerabilities are extremely important for network security. IT management must identify
and assess vulnerabilities across many disparate hardware and software platforms to …
and assess vulnerabilities across many disparate hardware and software platforms to …
Risk prioritization by leveraging latent vulnerability features in a contested environment
Cyber network defenders face an overwhelming volume of software vulnerabilities.
Resource limitations preclude them mitigating all but a small number of vulnerabilities on an …
Resource limitations preclude them mitigating all but a small number of vulnerabilities on an …