{"title":"Quantifying the Impact of Vulnerabilities of the Components of an Information System towards the Composite Rise Exposure","authors":"Yanzhen Qu, Adam English, Brace Hannon","doi":"10.1109/CSCI54926.2021.00193","DOIUrl":null,"url":null,"abstract":"To compensate the lacking of any concrete scoring formula of the CVSS v3 for the category of \"Environment\", in this paper, we present a novel formula for objectively quantifying composite vulnerability exposures for non-terminal components of an information system. The paper examines limitations of the CVSS v3 calculator definition, notably the capacity to characterize vulnerabilities from a composite perspective, providing a means to output a composite CVSS-compliant vulnerability score for aggregated system components. We provide the definitions for related concepts, formulas for determining component vulnerability, and a formula for calculating composite vulnerability. The common implementation of a Linux, Apache, MySQL, PHP (LAMP) stack provides a practical demonstration of the foundational formulas.","PeriodicalId":206881,"journal":{"name":"2021 International Conference on Computational Science and Computational Intelligence (CSCI)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 International Conference on Computational Science and Computational Intelligence (CSCI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSCI54926.2021.00193","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
To compensate the lacking of any concrete scoring formula of the CVSS v3 for the category of "Environment", in this paper, we present a novel formula for objectively quantifying composite vulnerability exposures for non-terminal components of an information system. The paper examines limitations of the CVSS v3 calculator definition, notably the capacity to characterize vulnerabilities from a composite perspective, providing a means to output a composite CVSS-compliant vulnerability score for aggregated system components. We provide the definitions for related concepts, formulas for determining component vulnerability, and a formula for calculating composite vulnerability. The common implementation of a Linux, Apache, MySQL, PHP (LAMP) stack provides a practical demonstration of the foundational formulas.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
