CVSS

CVSS

Common Vulnerability Scoring System (CVSS) is an industry standard for assessing the severity of computer system security vulnerabilities. It attempts to establish a measure of how much concern a vulnerability warrants, compared to other vulnerabilities, so efforts can be prioritized. The score is based on a series of measurements (called metrics) based on expert assessment.

Contents

Metrics

The CVSS assessment measures three areas of concern:

  1. Base Metrics for qualities intrinsic to a vulnerability.
  2. Temporal Metrics for characteristics that evolve over the lifetime of vulnerability.
  3. Environmental Metrics for characteristics of a vulnerability that depend on a particular implementation or environment.

Base Metrics

  1. Is the vulnerability exploitable remotely (as opposed to only locally).
  2. How complex must an attack be to exploit the vulnerability?
  3. Is authentication required to attack?
  4. Does the vulnerability expose confidential data?
  5. Can attacking the vulnerability damage the integrity of the system?
  6. Does it impact availability of the system?

Temporal Metrics

  1. How complex (or how long will it take) to exploit the vulnerability.
  2. How hard (or how long) will it take to remediate the vulnerability.
  3. How certain is the vulnerability's existence.

Environmental Metrics

  1. Potential to cause collateral damage.
  2. How many systems (or how much of a system) does the vulnerability impact.
  3. Security Requirement(CIA)

See also

External links


Wikimedia Foundation. 2010.

Игры ⚽ Поможем написать реферат

Look at other dictionaries:

  • CVSS — Das Common Vulnerability Scoring System (wörtlich übersetzt: „Gebräuchliches Verwundbarkeitsbewertungssystem“) , abgekürzt CVSS, ist ein Industriestandard zur Beschreibung des Schweregrades von Sicherheitslücken in Computer Systemen. Im CVSS… …   Deutsch Wikipedia

  • CVSS — Common Vulnerability Scoring System Common Vulnerability Scoring System (CVSS) est un système d évaluation standardisé de la criticité des vulnérabilités selon des critères objectifs et mesurables. Cette évaluation est constituée de 3 mesures… …   Wikipédia en Français

  • Common Vulnerability Scoring System — (CVSS) est un système d évaluation standardisé de la criticité des vulnérabilités selon des critères objectifs et mesurables. Cette évaluation est constituée de 3 mesures appelées métriques : la métrique de base, la métrique temporelle et la …   Wikipédia en Français

  • Council for Voluntary Service — A Council for Voluntary Service (CVS) is a type of charity in England. CVSs are the place at which local voluntary and community organisations speak to each other . They offer a wide variety of services and support for local organisations, for… …   Wikipedia

  • Security Content Automation Protocol — The Security Content Automation Protocol (SCAP) is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation (e.g., FISMA compliance). The National Vulnerability Database… …   Wikipedia

  • USS Coral Sea (CV-43) — USS Coral Sea (CV/CVB/CVA 43), a Sclass|Midway|aircraft carrier, was the second ship of the United States Navy to be named for the Battle of the Coral Sea. She earned the affectionate nickname Ageless Warrior through her long career. Initially… …   Wikipedia

  • Vulnerability (computing) — In computer security, the term vulnerability is applied to a weakness in a system which allows an attacker to violate the integrity of that system. Vulnerabilities may result from weak passwords, software bugs, a computer virus or other malware,… …   Wikipedia

  • Ca va se savoir (emission de television) — Ça va se savoir (émission de télévision) Pour les articles homonymes, voir Ça va se savoir. Ça va se savoir ! Genre Divertissement Présenté par …   Wikipédia en Français

  • Ça va se savoir (émission de télévision) — Pour les articles homonymes, voir Ça va se savoir. Ça va se savoir ! Genre Divertissement Présentation Simon Monceau …   Wikipédia en Français

  • Common Weakness Enumeration — is a software community project that aims at creating a catalog of software weaknesses and vulnerabilities. The goal of the project is to better understand flaws in software and to create automated tools that can be used to identify, fix, and… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”