Risk assessment method and apparatus for software system vulnerability

Embodiments of the present invention disclose a risk assessment method and apparatus for software system vulnerability, in the technical field of information security. They address a problem in the prior art: security risks in a software system could not be assessed comprehensively, visually and accurately. The risk assessment method for software system vulnerability comprises: preprocessing the software package dependency metadata of a software system and establishing a software dependency network; obtaining vulnerability information and, from it, constructing an association relationship between vulnerabilities and software packages; according to the software dependency network and that association relationship, searching for a software package that has a vulnerability and for the other software packages that directly or indirectly depend on it, and constructing a software package dependency relationship subgraph; and, based on the importance of each node in that subgraph, assessing the security risk the vulnerability imposes on the entire software system. The method and apparatus provided by the embodiments of the present invention are mainly used for assessing the vulnerability risk of a complex software system.
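The four steps of the abstract (dependency network, vulnerability-to-package association, transitive dependent search with subgraph construction, importance-based system risk), worked as an added example that is not the patent's own code. The dependency metadata, the placeholder vulnerability identifiers, and the importance metric (share of the network that transitively depends on a node) are all assumptions chosen for illustration.

```python
from collections import deque

# Constructed sample dependency metadata (not from the patent): package -> packages it depends on.
DEPENDS = {"libssl": [], "libcurl": ["libssl"], "git": ["libcurl"], "python3-requests": ["libcurl"],
           "webapp": ["python3-requests", "libssl"], "editor": [], "shell": ["editor"]}
# Constructed vulnerability information with placeholder ids: id -> (affected package, severity in [0, 1]).
VULNS = {"CVE-XXXX-0001": ("libssl", 0.9), "CVE-XXXX-0002": ("editor", 0.9)}


def build_network(depends):
    """Dependency network as forward (pkg -> dependency) and reverse (dependency -> dependents) adjacency."""
    forward = {p: set(d) for p, d in depends.items()}
    reverse = {p: set() for p in depends}
    for p, deps in depends.items():
        for d in deps:
            forward.setdefault(d, set())
            reverse.setdefault(d, set()).add(p)
    return forward, reverse


def dependents_of(reverse, pkg):
    """Every package that directly or indirectly depends on pkg (breadth-first over reverse edges)."""
    seen, queue = set(), deque([pkg])
    while queue:
        for parent in reverse[queue.popleft()]:
            if parent not in seen:
                seen.add(parent)
                queue.append(parent)
    return seen


def dependency_subgraph(forward, reverse, pkg):
    """The vulnerable package plus all its dependents, with the dependency edges among them."""
    nodes = dependents_of(reverse, pkg) | {pkg}
    return nodes, {(a, b) for a in nodes for b in forward[a] if b in nodes}


def importance(reverse, pkg):
    """Assumed importance metric: share of the other packages that transitively depend on pkg."""
    return len(dependents_of(reverse, pkg)) / max(len(reverse) - 1, 1)


def assess_risk(depends, vulns):
    """Per-vulnerability system risk: severity scaled by the subgraph's share of total node importance."""
    forward, reverse = build_network(depends)
    total = sum(importance(reverse, p) for p in reverse) or 1.0
    scores = {}
    for vid, (pkg, sev) in vulns.items():
        nodes, _ = dependency_subgraph(forward, reverse, pkg)
        scores[vid] = round(sev * sum(importance(reverse, n) for n in nodes) / total, 4)
    return scores
```

With the sample data, two vulnerabilities of equal base severity score 0.8 (in the widely depended-upon library) and 0.1 (in a leaf-like tool), which is the distinction the subgraph-based assessment is meant to surface.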