Abstract
ABSTRACTThe number of vulnerabilities discovered and reported during the recent decades is enormous, making an improved ranking and prioritization of vulnerabilities’ severity a major issue for information technology (IT) management. Although several methodologies for ranking and scoring vulnerabilities have been proposed, the Common Vulnerability Scoring System (CVSS) is the open standard with wide acceptance from the information security community. Recently, the Weighted Impact Vulnerability Scoring System (WIVSS) has been proposed as an alternative scoring methodology, which assigns different weights to impact factors of vulnerability in order to achieve higher diversity of values and thus improvement in flexibility of ranking in comparison to CVSS. The purpose of this paper is to expand the idea of WIVSS by defining the sets of weights which provide higher diversity of values. For this reason, an algorithm that finds all the possible combinations of optimal weights within a specified range and under certain constrains is presented. The algorithm results in 14 different combinations of impact weights that are applied to a sample of 20,496 vulnerabilities and statistically analyzed for associations among impact factors. The results suggest that one specific combination of impact weights can achieve highest diversity of values.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: Information Security Journal: A Global Perspective
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
