Using CVSS to quantitatively analyze risks to software caused by vulnerabilities

Gao, Jianbo; Zhang, Baowen; Xiao-hua, Chen

doi:10.1051/matecconf/20153116004

Cited by 2 publications

(2 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…But the proposed framework is limited to a specific environment and has also increased the complexity. On similar lines, Gao et al (2015) introduced the new terms, to define absolute, relative, and security severity values as a modification in CVSS. Thus, stressing evaluating the whole system's security in place of a component's vulnerability.…”

Section: Related Workmentioning

confidence: 99%

IVQF_IoT: An intelligent vulnerability quantification framework for scoring internet of things vulnerabilities

et al. 2021

View full text Add to dashboard Cite

With time smart services have become more domineering than ever before however, the pertinent security considerations fade to correspond with growing heterogeneity in the internet of things (IoT) devices and new technologies coupled with resource constraints, crafting IoT-based systems more susceptible to cyber-attacks. To ensure a secure IoT environment, pro-active security mechanisms, like scanning vulnerabilities and prioritizing to remediate them timely, should be embedded in the system.Motivated by the facts, we in this paper, highlight the state of the art of several works trading with a common vulnerability scoring system (CVSS), its limitations, and the emendations recommended to conclude its maturity. CVSS is an industry standard that has been adopted worldwide to quantify the vulnerabilities in organizations for IT and IoT-based systems. The vulnerabilities mathematical score coalesces with environmental knowledge for finding attack paths and apt score for prioritization.The specific functionality and exclusive dynamics of IoT and cyber-physical systems in comparison to traditional computer networks, make the legacy cyber-security exemplars unfit for these advanced networks. This paper studies the relevance of CVSS for smart systems and present an intelligent vulnerability quantification framework for IoT systems grounded on the CVSS v3.1 framework with threat intelligence and machine learning models. Further by applying blockchain technology in the proposed framework, the issues concerning security, lack of trust, and privacy possibly will resolve by hiring a smart contract.

show abstract

Section: Related Workmentioning

confidence: 99%

IVQF_IoT: An intelligent vulnerability quantification framework for scoring internet of things vulnerabilities

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Gao [7] suggested the use of new metrics, namely, 'absolute severity value', 'relative severity value' and 'security severity values' to enhance the calculations in the CVSS framework. This addition to CVSS enabled security administrators to evaluate the security of whole software system, instead of focusing on individual vulnerability of a component.…”

Section: Related Workmentioning

confidence: 99%

Vulnerability Modelling for Hybrid IT Systems

Ur-Rehman

Gondal

Kamruzzuman

et al. 2019

2019 IEEE International Conference on Industrial Technology (ICIT)

View full text Add to dashboard Cite

Common vulnerability scoring system (CVSS) is an industry standard that can assess the vulnerability of nodes in traditional computer systems. The metrics computed by CVSS would determine critical nodes and attack paths. However, traditional IT security models would not fit IoT embedded networks due to distinct nature and unique characteristics of IoT systems. This paper analyses the application of CVSS for IoT embedded systems and proposes an improved vulnerability scoring system based on CVSS v3 framework. The proposed framework, named CVSS IoT , is applied to a realistic IT supply chain system and the results are compared with the actual vulnerabilities from the national vulnerability database. The comparison result validates the proposed model. CVSS IoT is not only effective, simple and capable of vulnerability evaluation for traditional IT system, but also exploits unique characteristics of IoT devices.

show abstract

Using CVSS to quantitatively analyze risks to software caused by vulnerabilities

Cited by 2 publications

References 6 publications

IVQF_IoT: An intelligent vulnerability quantification framework for scoring internet of things vulnerabilities

IVQF_IoT: An intelligent vulnerability quantification framework for scoring internet of things vulnerabilities

Vulnerability Modelling for Hybrid IT Systems

Contact Info

Product

Resources

About

Using CVSS to quantitatively analyze risks to software caused by vulnerabilities

Cited by 2 publications

References 6 publications

IVQFIoT: An intelligent vulnerability quantification framework for scoring internet of things vulnerabilities

IVQFIoT: An intelligent vulnerability quantification framework for scoring internet of things vulnerabilities

Vulnerability Modelling for Hybrid IT Systems

Contact Info

Product

Resources

About

IVQF_IoT: An intelligent vulnerability quantification framework for scoring internet of things vulnerabilities

IVQF_IoT: An intelligent vulnerability quantification framework for scoring internet of things vulnerabilities