Estimating risk levels for vulnerability categories using CVSS
by Anshu Tripathi; Umesh Kumar Singh
International Journal of Internet Technology and Secured Transactions (IJITST), Vol. 4, No. 4, 2012

Abstract: Objective and automated means of security measurement are becoming essential for security management. The security level of any system can be measured in terms of the risk level posed by the vulnerabilities present in it. The process can be further improved if well-classified vulnerability datasets are used. With classified vulnerability data, multiple vulnerabilities of the same genre can be addressed simultaneously, which in turn increases the objectivity and scope of security management. In this paper, we propose an approach to measure the severity level of vulnerability categories and develop metrics to estimate the risk levels of vulnerability categories. To estimate the risk level of a category, the proposed approach re-evaluates and unifies the risk levels of the vulnerabilities present in that category based on vulnerability characteristics, vulnerability population, availability of patches and age of vulnerability. The developed metrics are applied to the real vulnerability data repository of NVD, and risk levels are estimated for the 23 vulnerability categories under which NVD classifies vulnerability data.

Online publication date: Sat, 09-Aug-2014
