The criticality of software vulnerability is the measurement of the potential risk of which the software vulnerability may be taken advantage for attacking the system.Based on analysis of current evaluation methods and their limitation, an analysis framework for evaluating the criticality of software vulnerability was proposed, according to the impact severity and probability of vulnerability.Based on fuzzy theory, the quantification model for evaluating the criticality of software vulnerability was proposed and the hierarchy of fuzzy evaluation factors' relationship and membership was established.The fuzzy set-based indices quantification, the fuzzy relational matrix-based indices weight value and the general evaluation method for software vulnerability criticality were emphasized.At last, the application and implement of the evaluating model were given.%软件脆弱性的危险程度是对软件脆弱性被利用来攻击系统的潜在危险的度量.在分析目前已知的相关评价方法及其局限性的基础上,提出了根据脆弱性影响的严重程度和脆弱性可利用性来评估脆弱性危险程度的分析框架,并基于模糊理论,提出了软件脆弱性危险程度评估的量化模型,建立了模糊测评因素关联隶属关系的递阶层次结构,并重点分析了基于模糊集的指标量化、基于模糊关系矩阵的指标权重的确定和软件脆弱性危险程度的综合评价方法.最后,给出了模型的应用与实现.
展开▼
