Journal: IEEE Transactions on Dependable and Secure Computing

Can the Common Vulnerability Scoring System be Trusted? A Bayesian Analysis

Abstract

The Common Vulnerability Scoring System (CVSS) is the state-of-the-art system for assessing software vulnerabilities. However, it has been criticized for lack of validity and practitioner relevance. In this paper, the credibility of the CVSS scoring data found in five leading databases (NVD, X-Force, OSVDB, CERT-VN, and Cisco) is assessed. A Bayesian method is used to infer the most probable true values underlying the imperfect assessments of the databases, thus circumventing the problem that ground truth is not known. It is concluded that with the exception of a few dimensions, the CVSS is quite trustworthy. The databases are relatively consistent, but some are better than others. The expected accuracy of each database for a given dimension can be found by marginalizing confusion matrices. By this measure, NVD is the best and OSVDB is the worst of the assessed databases.