{"title":"软件版本升级安全漏洞评估","authors":"Sirikwan Treetippayaruk, T. Senivongse","doi":"10.1109/SNPD.2017.8022734","DOIUrl":null,"url":null,"abstract":"Software installed on a computer does have security vulnerabilities to which an attacker can have access and do harm to the computer. It is known to be a good practice to install updates or upgrade versions of the software regularly to improve features, stability, and security, but often those updates and upgrades are ignored or delayed for several reasons. In addition, the new releases may come with some other vulnerabilities themselves. The motivation of this paper is to give information to computer users about the impact of software upgrade in terms of severity of the vulnerabilities that would result from the upgrade, in comparison with that of the vulnerabilities of the currently installed software. We propose a method to assess security vulnerabilities of the installed and the latest versions based on the CVSS vulnerability scoring system. Severity of vulnerabilities will be reported to suggest whether the upgrade is really needed to improve security. We also present an assessment tool that supports both personal and corporate use.","PeriodicalId":186094,"journal":{"name":"2017 18th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)","volume":"469 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":"{\"title\":\"Security vulnerability assessment for software version upgrade\",\"authors\":\"Sirikwan Treetippayaruk, T. Senivongse\",\"doi\":\"10.1109/SNPD.2017.8022734\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Software installed on a computer does have security vulnerabilities to which an attacker can have access and do harm to the computer. It is known to be a good practice to install updates or upgrade versions of the software regularly to improve features, stability, and security, but often those updates and upgrades are ignored or delayed for several reasons. In addition, the new releases may come with some other vulnerabilities themselves. The motivation of this paper is to give information to computer users about the impact of software upgrade in terms of severity of the vulnerabilities that would result from the upgrade, in comparison with that of the vulnerabilities of the currently installed software. We propose a method to assess security vulnerabilities of the installed and the latest versions based on the CVSS vulnerability scoring system. Severity of vulnerabilities will be reported to suggest whether the upgrade is really needed to improve security. We also present an assessment tool that supports both personal and corporate use.\",\"PeriodicalId\":186094,\"journal\":{\"name\":\"2017 18th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)\",\"volume\":\"469 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-06-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"11\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 18th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SNPD.2017.8022734\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 18th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SNPD.2017.8022734","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Security vulnerability assessment for software version upgrade
Software installed on a computer does have security vulnerabilities to which an attacker can have access and do harm to the computer. It is known to be a good practice to install updates or upgrade versions of the software regularly to improve features, stability, and security, but often those updates and upgrades are ignored or delayed for several reasons. In addition, the new releases may come with some other vulnerabilities themselves. The motivation of this paper is to give information to computer users about the impact of software upgrade in terms of severity of the vulnerabilities that would result from the upgrade, in comparison with that of the vulnerabilities of the currently installed software. We propose a method to assess security vulnerabilities of the installed and the latest versions based on the CVSS vulnerability scoring system. Severity of vulnerabilities will be reported to suggest whether the upgrade is really needed to improve security. We also present an assessment tool that supports both personal and corporate use.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
