logo

SCIENCE CHINA Information Sciences, Volume 62, Issue 3: 039102(2019) https://doi.org/10.1007/s11432-017-9445-4

A revised CVSS-based system to improve the dispersion of vulnerability risk scores

More info
  • ReceivedJun 19, 2017
  • AcceptedApr 19, 2018
  • PublishedSep 11, 2018

Abstract

There is no abstract available for this article.


Acknowledgment

This work was supported by National Key RD Program of China (Grant No. 2016YFB0800700), National Natural Science Foundation of China (Grant Nos. 61572460, 61272481), Open Project Program of State Key Laboratory of Information Security (Grant No. 2017-ZD-01), National Information Security Special Projects of National Development and Reform Commission of China (Grant No. (2012)1424), and Programme of Introducing Talents of Discipline to Universities (111 Project) (Grant No. B16037).


Supplement

Appendix A.


References

[1] Shlens J. A tutorial on principal component analysis. 2014,. arXiv Google Scholar

[2] Mell P, Scarfone K. Improving the common vulnerability scoring system. IET Inf Secur, 2007, 1: 119-127 CrossRef Google Scholar

[3] Holm H, Afridi K K. An expert-based investigation of the common vulnerability scoring system. Comput Secur, 2015, 53: 18-30 CrossRef Google Scholar

[4] Fruhwirth C, Mannisto T. Improving CVSS-based vulnerability prioritization and response with context information. In: Proceedings of the 3rd International Symposium on Empirical Software Engineering and Measurement, Lake Buena Vista, 2009. 535--544. Google Scholar

[5] Ghani H, Luna J, Suri N. Quantitative assessment of software vulnerabilities based on economic-driven security metrics. In: Proceedings of International Conference on Risks and Security of Internet and Systems, La Rochelle, 2013. Google Scholar

[6] Keramati M, Keramati M. Novel security metrics for ranking vulnerabilities in computer networks. In: Proceedings of the 7th International Symposium on Telecommunications, Tehran, 2015. 883--888. Google Scholar

[7] Liu Q X, Zhang Y Q, Kong Y. Improving VRSS-based vulnerability prioritization using analytic hierarchy process. J Syst Softw, 2012, 85: 1699-1708 CrossRef Google Scholar

[8] Keramati M. New vulnerability scoring system for dynamic security evaluation. In: Proceedings of the 8th International Symposium on Telecommunications, Tehran, 2017. 746--751. Google Scholar

Copyright 2020 Science China Press Co., Ltd. 《中国科学》杂志社有限责任公司 版权所有

京ICP备18024590号-1