On the impact of environmental metrics on CVSS scores - Archive ouverte HAL Accéder directement au contenu
Communication Dans Un Congrès Année : 2010

On the impact of environmental metrics on CVSS scores

Laurent Gallon
Laboratoire Informatique de l'Université de Pau et des Pays de l'Adour
CV

Résumé

CVSS is a framework which provides a method for rating the severity level of IT vulnerabilities. It takes into account not only the intrinsic characteristics of the vulnerability, but also its evolution over time and the user environment in which it is detected. A severity, or CVSS, score, is evaluated using several metrics : base / temporal / environmental. Base metrics assessments are achieved through organizations which maintain IT dictionaries ( CVE for example). These ratings can be found in public IT vulnerability databases such as NVD, OSVDB, ... This paper studies the impact of applying environmental metrics to CVSS scores stored in NVD database, focuses on the variation of CVSS score distribution and identifies specific problems in modified CVSS score formulae.

Domaines

Cryptographie et sécurité [cs.CR] Réseaux et télécommunications [cs.NI]

Laurent Gallon  : Connectez-vous pour contacter le contributeur

https://hal.science/hal-00521641

Soumis le : mardi 28 septembre 2010-11:50:00

Dernière modification le : lundi 7 novembre 2022-17:24:33

Fichier non déposé

Dates et versions

hal-00521641 , version 1 (28-09-2010)

Identifiants

Citer

Laurent Gallon. On the impact of environmental metrics on CVSS scores. 2010 IEEE International Conference on PrivAcy, Security, riSk And Trust (PASSAT10) - Symposium on Secure Computing (SecureCom-10), Aug 2010, Minneapolis, United States. ⟨10.1109/SocialCom.2010.146⟩. ⟨hal-00521641⟩

Exporter

BibTeX XML-TEI Dublin Core DC Terms EndNote DataCite

Collections

UNIV-PAU LIUPPA
38 Consultations
0 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More