Journal: Computers & Security

An expert-based investigation of the Common Vulnerability Scoring System


Abstract

The Common Vulnerability Scoring System (CVSS) is the most widely used standard for quantifying the severity of security vulnerabilities. For instance, all vulnerabilities in the US National Vulnerability Database are scored according to this system. Unfortunately, it is largely unexplored whether or not its scores are accurate. This paper studies this property through a survey with opinions by 384 experts, covering more than 3000 vulnerabilities. The results show that the mean disagreement between the judgments of the experts and the CVSS Base Score is -0.38, with a variance of 4.46 (on a scale from 0 to 10). The direction of this difference depends on the type of vulnerability that is concerned. The experts then suggest a number of possible revisions to the CVSS that could explain this difference.