Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).
NIST Authors in Bold
|Author(s):||Karen A. Scarfone; Peter M. Mell;|
|Title:||Vulnerability Scoring for Security Configuration Settings|
|Published:||October 29, 2008|
|Abstract:||The best-known vulnerability scoring standard, the Common Vulnerability Scoring System (CVSS), is designed to quantify the severity of security-related software flaw vulnerabilities. This paper describes our efforts to determine if CVSS could be adapted for use with a different type of vulnerability: security configuration settings. We have identified significant differences in scoring configuration settings and software flaws and have proposed methods for accommodating those differences. We also generated scores for 187 configuration settings to evaluate the new specification.|
|Conference:||4th International Workshop on Quality of Protection|
|Proceedings:||2008 ACM Workshop on Quality of Protection|
|Dates:||October 27, 2008|
|Keywords:||Common Vulnerability Scoring System (CVSS), risk assessment, security configuration, vulnerability, vulnerability scoring|
|PDF version:||Click here to retrieve PDF version of paper (187KB)|