Abstract | ||
---|---|---|
The number of vulnerabilities discovered and reported during the recent decades is enormous, making an improved ranking and prioritization of vulnerabilities’ severity a major issue for information technology (IT) management. Although several methodologies for ranking and scoring vulnerabilities have been proposed, the Common Vulnerability Scoring System (CVSS) is the open standard with wide acceptance from the information security community. Recently, the Weighted Impact Vulnerability Scoring System (WIVSS) has been proposed as an alternative scoring methodology, which assigns different weights to impact factors of vulnerability in order to achieve higher diversity of values and thus improvement in flexibility of ranking in comparison to CVSS. The purpose of this paper is to expand the idea of WIVSS by defining the sets of weights which provide higher diversity of values. For this reason, an algorithm that finds all the possible combinations of optimal weights within a specified range and under certain constraints is presented. The algorithm results in 14 different combinations of impact weights that are applied to a sample of 20,496 vulnerabilities and statistically analyzed for associations among impact factors. The results suggest that one specific combination of impact weights can achieve the highest diversity of values. |
Year | DOI | Venue |
---|---|---|
2015 | 10.1080/19393555.2015.1051675 | Periodicals |
Keywords | Field | DocType |
information security, information systems, IT management, statistical analysis, vulnerability scoring | Information system, Data mining, Open standard, CVSS, Ranking, Computer science, Information technology, Information security, Information technology management, Vulnerability | Journal |
Volume | Issue | ISSN |
24 | 1-3 | 1939-3555 |
Citations | PageRank | References |
4 | 0.43 | 13 |
Authors | ||
2 |
Name | Order | Citations | PageRank |
---|---|---|---|
Georgios Spanos | 1 | 31 | 3.04 |
Lefteris Angelis | 2 | 1296 | 82.51 |