Title: Evaluation of severity index of vulnerability categories

Authors: Anshu Tripathi; Umesh Kumar Singh

Addresses: Department of Information Technology, Mahakal Institute of Technology, Behind Air Strip, Dewas Road, Ujjain-456010, Madhya Pradesh, India; Institute of Computer Science, Vikram University, Ujjain-456010, Madhya Pradesh, India

Abstract: Proper and timely vulnerability mitigation is essential to ensure network security. Vulnerability categorisation plays a major role in this regard by increasing the objectivity of the security assessment process. Further, it suggests assessing the severity level of vulnerability categories to prioritise them relative to one another. That in turn leads to better risk mitigation strategies that address multiple vulnerabilities of the same genre simultaneously. In this direction, this paper proposes an algorithm to evaluate the severity index of vulnerability categories, focusing on vulnerability characteristics and the relative distribution of the vulnerability population. The proposed algorithm was applied to 22846 vulnerabilities listed by NVD, which are categorised under 23 categories, and the severity index was calculated for all 23 categories.

Keywords: vulnerability mitigation; network security; CVSS score; vulnerability category; severity index; vulnerability categorisation.

DOI: 10.1504/IJICS.2013.058211

International Journal of Information and Computer Security, 2013 Vol.5 No.4, pp.275 - 289

Published online: 30 Jul 2014
