The effect of software vulnerability is assessed in a system provided with a computer and network equipment. The vulnerability assessment system (10) assesses software vulnerability in a system to be assessed that is provided with a computer and network equipment. An affected software extraction unit (31) of the vulnerability assessment system (10) assesses whether the software of the system to be assessed is affected by vulnerability on the basis of a vulnerability information database (21) and a software database (24) of computer software. A direct path search unit (32) of the vulnerability assessment system (10) determines whether affected software can be attacked from an external network when it has been assessed by the affected software extraction unit (31) that the software of the system to be assessed is affected by the vulnerability.
展开▼