Can the Common Vulnerability Scoring System be Trusted?: A Bayesian Analysis
KTH Royal Institute of Technology, Sweden.
KTH Royal Institute of Technology, Sweden.
KTH Royal Institute of Technology, Sweden.
RISE, Swedish ICT, SICS, Software and Systems Engineering Laboratory. ORCID iD: 0000-0003-2017-7914
2018 (English). In: IEEE Transactions on Dependable and Secure Computing, ISSN 1545-5971, E-ISSN 1941-0018, Vol. 15, no. 6, pp. 1002-1015. Article in journal (Refereed). Published
Abstract [en]

The Common Vulnerability Scoring System (CVSS) is the state-of-the-art system for assessing software vulnerabilities. However, it has been criticized for lack of validity and practitioner relevance. In this paper, the credibility of the CVSS scoring data found in five leading databases – NVD, X-Force, OSVDB, CERT-VN, and Cisco – is assessed. A Bayesian method is used to infer the most probable true values underlying the imperfect assessments of the databases, thus circumventing the problem that ground truth is not known. It is concluded that with the exception of a few dimensions, the CVSS is quite trustworthy. The databases are relatively consistent, but some are better than others. The expected accuracy of each database for a given dimension can be found by marginalizing confusion matrices. By this measure, NVD is the best and OSVDB is the worst of the assessed databases.

Place, publisher, year, edition, pages
2018. Vol. 15, no. 6, pp. 1002-1015
Identifiers
URN: urn:nbn:se:ri:diva-32990
DOI: 10.1109/TDSC.2016.2644614
Scopus ID: 2-s2.0-85056520813
OAI: oai:DiVA.org:ri-32990
DiVA, id: diva2:1170505
Available from: 2018-01-03. Created: 2018-01-03. Last updated: 2023-06-08. Bibliographically approved.

Person

Franke, Ulrik