research-article

Common Vulnerability Scoring System

Authors:

Peter Mell,

Karen Scarfone,

Sasha RomanoskyAuthors Info & Claims

IEEE Security and Privacy, Volume 4, Issue 6

Pages 85 - 89

https://doi.org/10.1109/MSP.2006.145

Published: 01 November 2006 Publication History

Publisher Site

Abstract

Vendors have historically used proprietary methods for scoring software vulnerabilities, usually without detailing their criteria or processes. The Common Vulnerability Scoring System (CVSS) is a public initiative designed to address this issue by presenting a framework for consistently and accurately assessing and quantifying software vulnerabilities' impact on organizations.

Reference

[1]

M. Schiffman et al., Common Vulnerability Scoring System, tech. report, US Nat'l Infrastructure Advisory Council, 2004;

Google Scholar

Cited By

View all

Verreydt SYskout KSion LJoosen WKelley PKapadia A(2024)Threat modeling state of practice in Dutch organizationsProceedings of the Twentieth USENIX Conference on Usable Privacy and Security10.5555/3696899.3696924(473-486)Online publication date: 12-Aug-2024
https://dl.acm.org/doi/10.5555/3696899.3696924
Bose MParuchuri PKumar ADastani MSichman JAlechina NDignum V(2024)Factored MDP based Moving Target Defense with Dynamic Threat ModelingProceedings of the 23rd International Conference on Autonomous Agents and Multiagent Systems10.5555/3635637.3663095(2165-2167)Online publication date: 6-May-2024
https://dl.acm.org/doi/10.5555/3635637.3663095
Swierzy BBoes FPohl TBungartz CMeier M(2024)SoK: Automated Software Testing for TLS LibrariesProceedings of the 19th International Conference on Availability, Reliability and Security10.1145/3664476.3670871(1-12)Online publication date: 30-Jul-2024
https://dl.acm.org/doi/10.1145/3664476.3670871
Show More Cited By

Recommendations

Automated Generation of Attack Graphs Using NVD
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy

Today's computer networks are prone to sophisticated multi-step, multi-host attacks. Common approaches of identifying vulnerabilities and analyzing the security of such networks with naive methods such as counting the number of vulnerabilities, or ...
Common vulnerability scoring system prediction based on open source intelligence information sources
Abstract
The number of newly published vulnerabilities is constantly increasing. Until now, the information available when a new vulnerability is published is manually assessed by experts using a Common Vulnerability Scoring System (CVSS) ...
On NVD Users’ Attitudes, Experiences, Hopes, and Hurdles
The National Vulnerability Database (NVD) is a major vulnerability database that is free to use for everyone. It provides information about vulnerabilities and further useful resources such as linked advisories and patches. The NVD is often considered as ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

IEEE Security and Privacy Volume 4, Issue 6

November 2006

91 pages

ISSN:1540-7993

Issue’s Table of Contents

Publisher

IEEE Educational Activities Department

United States

Publication History

Published: 01 November 2006

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

79
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 20 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Verreydt SYskout KSion LJoosen WKelley PKapadia A(2024)Threat modeling state of practice in Dutch organizationsProceedings of the Twentieth USENIX Conference on Usable Privacy and Security10.5555/3696899.3696924(473-486)Online publication date: 12-Aug-2024
https://dl.acm.org/doi/10.5555/3696899.3696924
Bose MParuchuri PKumar ADastani MSichman JAlechina NDignum V(2024)Factored MDP based Moving Target Defense with Dynamic Threat ModelingProceedings of the 23rd International Conference on Autonomous Agents and Multiagent Systems10.5555/3635637.3663095(2165-2167)Online publication date: 6-May-2024
https://dl.acm.org/doi/10.5555/3635637.3663095
Swierzy BBoes FPohl TBungartz CMeier M(2024)SoK: Automated Software Testing for TLS LibrariesProceedings of the 19th International Conference on Availability, Reliability and Security10.1145/3664476.3670871(1-12)Online publication date: 30-Jul-2024
https://dl.acm.org/doi/10.1145/3664476.3670871
Teixeira De Castro HHussain ABlanc GEl Hachem JBlouin DLeneutre JPapadimitratos P(2024)A Model-based Approach for Assessing the Security of Cyber-Physical SystemsProceedings of the 19th International Conference on Availability, Reliability and Security10.1145/3664476.3670470(1-10)Online publication date: 30-Jul-2024
https://dl.acm.org/doi/10.1145/3664476.3670470
Elder SRahman MFringer GKapoor KWilliams L(2024)A Survey on Software Vulnerability Exploitability AssessmentACM Computing Surveys10.1145/364861056:8(1-41)Online publication date: 26-Apr-2024
https://dl.acm.org/doi/10.1145/3648610
May RBiermann CZerweck XLudwig KKrüger JLeich T(2024)Vulnerably (Mis)Configured? Exploring 10 Years of Developers' Q&As on Stack OverflowProceedings of the 18th International Working Conference on Variability Modelling of Software-Intensive Systems10.1145/3634713.3634729(112-122)Online publication date: 7-Feb-2024
https://dl.acm.org/doi/10.1145/3634713.3634729
Nour BPourzandi MQureshi RDebbabi M(2024)AUTOMA: Automated Generation of Attack Hypotheses and Their Variants for Threat Hunting Using Knowledge DiscoveryIEEE Transactions on Network and Service Management10.1109/TNSM.2024.337897221:5(5178-5196)Online publication date: 1-Oct-2024
https://dl.acm.org/doi/10.1109/TNSM.2024.3378972
Zeng ZHuang DXue GDeng YVadnere NXie L(2024)ILLATION: Improving Vulnerability Risk Prioritization by Learning From NetworkIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.329443321:4(1890-1901)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1109/TDSC.2023.3294433
Smit KDe Gelder CVan Meerten J(2023)Social Robots in Primary Schools: An Explorative Security AnalysisProceedings of the 2023 7th International Conference on Software and e-Business10.1145/3641067.3641069(51-56)Online publication date: 21-Dec-2023
https://dl.acm.org/doi/10.1145/3641067.3641069
Bergler MTavakoli-Kolagari R(2023)Automotive Software Security Engineering based on the ISO 21434Proceedings of the 2023 5th World Symposium on Software Engineering10.1145/3631991.3631994(17-26)Online publication date: 22-Sep-2023
https://dl.acm.org/doi/10.1145/3631991.3631994
Show More Cited By

Abstract

Reference

Cited By

Recommendations

Automated Generation of Attack Graphs Using NVD