|Author(s):||Karen A. Scarfone; Peter M. Mell|
|Title:||An Analysis of CVSS Version 2 Vulnerability Scoring|
|Published:||October 14, 2009|
|Abstract:||The Common Vulnerability Scoring System (CVSS) is a specification that is used to measure the relative severity of software vulnerabilities. CVSS version 2, which was finalized in June 2007, was designed to address several deficiencies discovered during analysis and use of the original version of CVSS. This paper analyzes the new version of CVSS to determine how effectively it addresses the deficiencies in the original version and to identify any major deficiencies the new version may have. This analysis is based primarily on an experiment that applied both CVSS version 1 and version 2 scoring to a large set of recent vulnerabilities. The analysis also involved examination of the theoretical characteristics of version 1 and version 2 scores.|
|Conference:||5th International Workshop on Security Measurement and Metrics (MetriSec 2009)|
|Proceedings:||Proceedings of the 2009 3rd International Symposium on Empirical Software Engineering and Measurement (ESEM '09)|
|Pages:||pp. 516 - 525|
|Location:||Lake Buena Vista, FL|
|Dates:||October 14, 2009|
|Keywords:||Common Vulnerability Scoring System (CVSS), risk assessment, vulnerability, vulnerability scoring|
|Research Areas:||Threats & Vulnerabilities, Computer Security|
|DOI:||http://dx.doi.org/10.1109/ESEM.2009.5314220|
|PDF version:||Click here to retrieve PDF version of paper (508KB)|