Published: October 29, 2008
Author(s)
Karen Scarfone, Peter Mell
Conference
Name: 4th ACM Workshop on Quality of Protection (QoP'08)
Dates: October 27, 2008
Location: Alexandria, Virginia, United States
Citation: Proceedings of the 4th ACM Workshop on Quality of Protection (QoP '08), pp. 3-8
Announcement
The best-known vulnerability scoring standard, the Common Vulnerability Scoring System (CVSS), is designed to quantify the severity of security-related software flaw vulnerabilities. This paper describes our efforts to determine if CVSS could be adapted for use with a different type of vulnerability: security configuration settings. We have identified significant differences in scoring configuration settings and software flaws and have proposed methods for accommodating those differences. We also generated scores for 187 configuration settings to evaluate the new specification.
Keywords
Common Vulnerability Scoring System (CVSS); risk assessment; security configuration; vulnerability; vulnerability scoring
Control Families
None selected