Towards Usable Scoring of Common Weaknesses

Olutola Adebiyi, Massimiliano Albanese

2023

Abstract

As the number and severity of security incidents continue to increase, remediating vulnerabilities and weaknesses has become a daunting task due to the sheer number of known vulnerabilities. Different scoring systems have been developed to provide qualitative and quantitative assessments of the severity of common vulnerabilities and weaknesses, and guide the prioritization of vulnerability remediation. However, these scoring systems provide only generic rankings of common weaknesses, which do not consider the specific vulnerabilities that exist in each system. To address this limitation, and building on recent principled approaches to vulnerability scoring, we propose new common weakness scoring metrics that consider the findings of vulnerability scanners, including the number of instances of each vulnerability across a system, and enable system-specific rankings that can provide actionable intelligence to security administrators. We built a small testbed to evaluate the proposed metrics against an existing metric, and show that the results are consistent with our intuition.

Paper Citation


in Harvard Style

Adebiyi O. and Albanese M. (2023). Towards Usable Scoring of Common Weaknesses. In Proceedings of the 20th International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-666-8, SciTePress, pages 183-191. DOI: 10.5220/0012090900003555


in Bibtex Style

@conference{secrypt23,
author={Olutola Adebiyi and Massimiliano Albanese},
title={Towards Usable Scoring of Common Weaknesses},
booktitle={Proceedings of the 20th International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2023},
pages={183-191},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012090900003555},
isbn={978-989-758-666-8},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 20th International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - Towards Usable Scoring of Common Weaknesses
SN - 978-989-758-666-8
AU - Adebiyi O.
AU - Albanese M.
PY - 2023
SP - 183
EP - 191
DO - 10.5220/0012090900003555
PB - SciTePress