
HASE
2014
IEEE

Using Attack Surface Entry Points and Reachability Analysis to Assess the Risk of Software Vulnerability Exploitability

An unpatched vulnerability can lead to security breaches. When a new vulnerability is discovered, it needs to be assessed so that it can be prioritized. A major challenge in software security is the assessment of the potential risk due to vulnerability exploitability. CVSS metrics have become a de facto standard that is commonly used to assess the severity of a vulnerability. The CVSS Base Score measures severity based on exploitability and impact measures. CVSS exploitability is measured based on three metrics: Access Vector, Authentication, and Access Complexity. However, CVSS exploitability measures assign subjective numbers based on the views of experts. Two of its factors, Access Vector and Authentication, are the same for almost all vulnerabilities. CVSS does not specify how the third factor, Access Complexity, is measured, and hence we do not know if it considers software properties as a factor. In this paper, we propose an approach that assesses the risk of vulnerability ex...
Awad A. Younis, Yashwant K. Malaiya, Indrajit Ray
Added 19 May 2015
Updated 19 May 2015
Type Journal
Year 2014
Where HASE
Authors Awad A. Younis, Yashwant K. Malaiya, Indrajit Ray