论文信息 - Vulnerability scoring for security configuration settings

Vulnerability scoring for security configuration settings

The best-known vulnerability scoring standard, the Common Vulnerability Scoring System (CVSS), is designed to quantify the severity of security-related software flaw vulnerabilities. This paper describes our efforts to determine if CVSS could be adapted for use with a different type of vulnerability: security configuration settings. We have identified significant differences in scoring configuration settings and software flaws and have proposed methods for accommodating those differences. We also generated scores for 187 configuration settings to evaluate the new specification.

Karen Scarfone | Peter Mell

[1] 尚弘島影. National Institute of Standards and Technologyにおける超伝導研究及び生活 , 2001 .

[2] K. Scarfone,et al. A framework for measuring the vulnerability of hosts , 2008, 2008 1st International Conference on Information Technology.

[3] Karen A. Scarfone,et al. The Common Configuration Scoring System (CCSS): Metrics for Software Security Configuration Vulnerabilities , 2010 .

[4] Karen A. Scarfone,et al. A Complete Guide to the Common Vulnerability Scoring System Version 2.0 | NIST , 2007 .