Abstract

Prioritizing bug fixes becomes a daunting task as the number of vulnerability disclosure programs grows. When making a decision, not only the Common Vulnerability Scoring System (CVSS) score but also the probability of exploitation and the trend of the particular security issue should be taken into account. This paper discusses sources and approaches for measuring the degree of public interest in a specific vulnerability at a particular point in time. The research presents a new metric and estimation model based on vulnerability assessment. We compared several techniques to determine the most suitable approach and the most relevant sources for improving vulnerability management and prioritization. We chose the Google Trends analytics tool to gather trend data, identify the main features and build the data set. The result of this study is a regression equation that helps prioritize vulnerabilities efficiently by taking into account the public interest in a particular security issue. The proposed method estimates the popularity of a Common Vulnerabilities and Exposures (CVE) entry using public resources.
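The abstract describes the method in outline only: trend features are gathered from Google Trends, a regression model is fitted to them alongside CVSS data, and the fitted equation is used to rank vulnerabilities. The following is an added example, not the paper's code or its published regression equation: it builds two trend features (latest interest and recent slope) from a Google-Trends-style weekly series, fits an ordinary least squares model with the normal equations, and selects the top m entries from a backlog. The vulnerability labels, interest series, "observed popularity" targets and the rule that generates them are all constructed for the example; the coefficients it recovers are therefore not the paper's findings.

```python
# Added example: not the paper's code. Fits a toy linear "popularity" model from
# constructed trend features, then ranks vulnerabilities and keeps the top m.
from dataclasses import dataclass
from typing import List, Sequence, Tuple


@dataclass
class Vuln:
    name: str             # placeholder label, not a real CVE identifier
    cvss: float           # CVSS base score, 0.0-10.0
    interest: List[int]   # weekly relative search interest, 0-100 (Google-Trends-style)


def trend_features(series: Sequence[int], window: int = 4) -> Tuple[float, float]:
    """Latest interest value and least-squares slope over the last `window` weeks."""
    recent = list(series[-window:])
    n = len(recent)
    mean_x = (n - 1) / 2
    mean_y = sum(recent) / n
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in enumerate(recent))
    sxx = sum((x - mean_x) ** 2 for x in range(n))
    slope = sxy / sxx if sxx else 0.0
    return float(recent[-1]), slope


def design_row(v: Vuln) -> List[float]:
    """Regression inputs: intercept, CVSS, latest interest, interest slope."""
    latest, slope = trend_features(v.interest)
    return [1.0, v.cvss, latest, slope]


def fit_ols(rows: List[List[float]], targets: List[float]) -> List[float]:
    """Ordinary least squares via the normal equations (X^T X) b = X^T y,
    solved with Gauss-Jordan elimination and partial pivoting."""
    k = len(rows[0])
    xtx = [[sum(r[i] * r[j] for r in rows) for j in range(k)] for i in range(k)]
    xty = [sum(r[i] * t for r, t in zip(rows, targets)) for i in range(k)]
    a = [xtx[i] + [xty[i]] for i in range(k)]          # augmented matrix
    for col in range(k):
        piv = max(range(col, k), key=lambda r: abs(a[r][col]))
        a[col], a[piv] = a[piv], a[col]
        if abs(a[col][col]) < 1e-12:
            raise ValueError("features are collinear; cannot fit")
        for r in range(k):
            if r != col:
                f = a[r][col] / a[col][col]
                a[r] = [x - f * y for x, y in zip(a[r], a[col])]
    return [a[i][k] / a[i][i] for i in range(k)]


def predict(coef: Sequence[float], v: Vuln) -> float:
    """Predicted popularity for one vulnerability under the fitted coefficients."""
    return sum(c * x for c, x in zip(coef, design_row(v)))


def prioritize(coef: Sequence[float], vulns: List[Vuln], m: int) -> List[str]:
    """Return the names of the m vulnerabilities with the highest predicted popularity."""
    ranked = sorted(vulns, key=lambda v: predict(coef, v), reverse=True)
    return [v.name for v in ranked[:m]]


# Constructed training set (labels and series are invented for the example).
TRAINING = [
    Vuln("train-1", 9.8, [10, 20, 40, 80]),
    Vuln("train-2", 5.3, [50, 45, 40, 35]),
    Vuln("train-3", 7.5, [5, 5, 6, 4]),
    Vuln("train-4", 4.0, [0, 0, 30, 90]),
    Vuln("train-5", 8.8, [60, 60, 60, 60]),
    Vuln("train-6", 6.1, [20, 25, 15, 10]),
]
# Synthetic "observed popularity" generated from a hidden rule so the fit is checkable;
# a real study would use measured values here, not a formula.
HIDDEN_RULE = [5.0, 0.5, 0.3, 2.0]
TARGETS = [sum(c * x for c, x in zip(HIDDEN_RULE, design_row(v))) for v in TRAINING]

COEF = fit_ols([design_row(v) for v in TRAINING], TARGETS)

# Constructed backlog: high CVSS with no interest vs. moderate CVSS with a rising trend.
BACKLOG = [
    Vuln("vuln-1", 9.1, [2, 3, 3, 2]),
    Vuln("vuln-2", 6.5, [10, 30, 55, 70]),
    Vuln("vuln-3", 7.2, [40, 40, 38, 41]),
]

if __name__ == "__main__":
    print("coefficients:", [round(c, 3) for c in COEF])
    for v in BACKLOG:
        print(v.name, "cvss", v.cvss, "predicted popularity", round(predict(COEF, v), 2))
    print("fix first (m=2):", prioritize(COEF, BACKLOG, 2))
```

One caveat when replacing the constructed series with real Google Trends exports: the service reports interest relative to the peak within a single query (scaled 0-100), so series for different CVEs are only comparable when they were requested together in the same comparison; otherwise the "latest" feature of one entry cannot be placed on the same scale as another's.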

Highlights

  • Information security (IS) news feeds are increasingly being updated with information on new vulnerabilities in various products

  • The Common Vulnerability Scoring System (CVSS) score, the probability of exploitation and the trend of the particular security issue should all be taken into account when prioritizing fixes

  • This research presents a new metric and estimation model based on vulnerability assessment


Introduction

Information security (IS) news feeds are increasingly being updated with information on new vulnerabilities in various products. Large corporations and startups in the field of information technology alike use a large number of third-party software products. It is not always possible to run the latest versions of that software, because of strict dependencies on a specific version and its functionality, lack of documentation, the overhead of testing and updating, a shortage of staff, and the high business risk of an error during the upgrade. Having n vulnerabilities, a company can only allocate the resources and time to fix m of them, where m ≪ n. Since fixing all n vulnerabilities is not economically viable in terms of business and profit
