Security Risk Growth Models for Software Vulnerability Assessment
Author
Abstract

Information system administrators must pay attention to system vulnerability information and take appropriate measures against security attacks on the systems they manage. However, as the number of security vulnerability reports increases, the time required to implement vulnerability remediation also increases, therefore vulnerability risks must be assessed and prioritized. Especially in the early stages of vulnerability discovery, such as zero-day attacks, the risk assessment must consider changes over time, since it takes time to spread the information among adversaries and defenders.The Common Vulnerability Scoring System (CVSS) is used widely for vulnerability risk assessment, but it cannot be said that it can sufficiently cope with temporal changes of risk of attacks. In this paper, we proposed software vulnerability growth models to assist system administrators in decision making. Experimental results show that these models can provide a visual representation of the risk over time.

Year of Publication
2023
Date Published
jun
URL
https://ieeexplore.ieee.org/document/10207119
DOI
10.1109/DSN-W58399.2023.00026
Google Scholar | BibTeX | DOI