Abstract

As the number of vulnerabilities grows and attacks become more advanced, known software security vulnerabilities need to be managed more efficiently through prioritization and contextualization. The current industry-standard approach to vulnerability management at large scale is limited for two reasons. First, it does not automatically capture the temporal characteristics of Common Vulnerability Exposures (CVEs), i.e., how CVEs change over time. Second, it requires manual labor to prioritize the identified vulnerabilities. To address these limitations, this research designs a context-aware vulnerability prioritization (CAVP) model that calculates temporal-enabled vulnerability scores for CVEs and prioritizes these vulnerabilities visually. The CAVP model includes an enhanced Context-Aware Vulnerability Scoring System (CAVSS) that automatically derives the temporal metric values of CVEs through a set of expert-validated heuristic rules. The CAVP model is the first attempt to provide a step-by-step vulnerability prioritization process that can be integrated into an organization's risk management workflow. The implementation of the CAVP model in two organizations validates its usefulness.
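As an added illustration (not the paper's CAVSS model or its rules), the following Python computes CVSS v3.1 temporal scores from temporal metric values and ranks CVEs by them, showing how a lower base score can outrank a higher one once exploit maturity and fix availability are taken into account. The mapping from tracked context to metric values is a hypothetical stand-in for the paper's expert-validated heuristics, and the CVE IDs and contexts are constructed.

```python
"""CVSS v3.1 temporal scoring and ranking (added illustration; the
context-to-metric rules are assumed, not the paper's CAVSS rules)."""
import math

# Official CVSS v3.1 temporal multipliers from the FIRST specification.
EXPLOIT_CODE_MATURITY = {"X": 1.0, "H": 1.0, "F": 0.97, "P": 0.94, "U": 0.91}
REMEDIATION_LEVEL = {"X": 1.0, "U": 1.0, "W": 0.97, "T": 0.96, "O": 0.95}
REPORT_CONFIDENCE = {"X": 1.0, "C": 1.0, "R": 0.96, "U": 0.92}


def roundup(value: float) -> float:
    """CVSS v3.1 Roundup: smallest one-decimal number >= value (integer-safe)."""
    int_input = round(value * 100000)
    if int_input % 10000 == 0:
        return int_input / 100000.0
    return (math.floor(int_input / 10000) + 1) / 10.0


def temporal_score(base: float, e: str, rl: str, rc: str) -> float:
    """Temporal score = Roundup(Base x E x RL x RC)."""
    return roundup(base * EXPLOIT_CODE_MATURITY[e] * REMEDIATION_LEVEL[rl] * REPORT_CONFIDENCE[rc])


def derive_temporal_metrics(ctx: dict) -> tuple:
    """Hypothetical heuristic rules: map tracked context to (E, RL, RC) values."""
    e = {"none": "U", "poc": "P", "functional": "F", "weaponized": "H"}[ctx["exploit"]]
    rl = {"official": "O", "temporary": "T", "workaround": "W", "none": "U"}[ctx["fix"]]
    rc = {"confirmed": "C", "reasonable": "R", "unknown": "U"}[ctx["report"]]
    return e, rl, rc


def prioritize(cves: list) -> list:
    """Return (cve_id, temporal_score) pairs, highest priority first."""
    ranked = []
    for cve in cves:
        e, rl, rc = derive_temporal_metrics(cve["context"])
        ranked.append((cve["id"], temporal_score(cve["base"], e, rl, rc)))
    return sorted(ranked, key=lambda pair: pair[1], reverse=True)


# Constructed sample inventory; the IDs are placeholders, not real CVEs.
SAMPLE_CVES = [
    {"id": "CVE-XXXX-0001", "base": 9.8,
     "context": {"exploit": "none", "fix": "official", "report": "unknown"}},
    {"id": "CVE-XXXX-0002", "base": 8.1,
     "context": {"exploit": "weaponized", "fix": "none", "report": "confirmed"}},
    {"id": "CVE-XXXX-0003", "base": 5.3,
     "context": {"exploit": "none", "fix": "official", "report": "unknown"}},
]

if __name__ == "__main__":
    for cve_id, score in prioritize(SAMPLE_CVES):
        print(f"{cve_id}: temporal score {score}")
```

With these inputs the 8.1 base vulnerability (weaponized exploit, no fix) ranks above the 9.8 one (unproven exploit, official fix), which is the reordering a temporal-enabled score is meant to surface.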
