This study presents a new approach for calculations within the Common Vulnerability Scoring System that scoring the effects of vulnerabilities in software on the security status. These calculations is the method that is most commonly used in scoring software vulnerabilities. The present model demonstrates how software security vulnerabilities can be calculated using linguistic terms. Therefore, the proposed method has a more flexible structure than this system. The current Common Vulnerability Scoring System formula and scores were used to assess and implement the presented model. The aim was to form a fuzzy model called the Fuzzy Common Vulnerability Scoring System based on the success probabilities which are defined using linguistic terms such as low, very low or high. Moreover, the Fuzzy Logistic Regression (FLR) method was used to define the relationship between the exact inputs and fuzzy multiple outputs, and the Least Squares Method was used to estimate the parameters of the presented model. The performance of the model was evaluated by a comparison using Mean Squared Error (MSE), Mean Absolute Error (MAE), and Kim and Bishu’s criterion. Validity of the fuzzy regression model is demonstrated with different fitness functions. The expectation was that more practical estimations with better error tolerance can be achieved by using linguistic terms to assess common vulnerabilities.

本研究提出了一种在通用漏洞评分系统内进行计算的新方法，该系统可对软件中的漏洞对安全状态的影响进行评分。这些计算是最常用于对软件漏洞进行评分的方法。本模型演示了如何使用语言术语计算软件安全漏洞。因此，所提出的方法具有比该系统更灵活的结构。当前的通用漏洞评分系统公式和分数用于评估和实施所呈现的模型。目的是基于成功概率形成一个模糊模型，称为模糊通用漏洞评分系统，成功概率使用语言术语（如低、非常低或高）定义。而且，模糊逻辑回归（FLR）方法用于定义精确输入和模糊多输出之间的关系，最小二乘法用于估计所呈现模型的参数。模型的性能通过使用均方误差 (MSE)、平均绝对误差 (MAE) 以及 Kim 和 Bishu 的标准进行比较来评估。模糊回归模型的有效性用不同的适应度函数证明。期望通过使用语言术语来评估常见漏洞，可以实现具有更好容错性的更实用的估计。平均绝对误差 (MAE)，以及 Kim 和 Bishu 的标准。模糊回归模型的有效性用不同的适应度函数证明。期望通过使用语言术语来评估常见漏洞，可以实现具有更好容错性的更实用的估计。平均绝对误差 (MAE)，以及 Kim 和 Bishu 的标准。模糊回归模型的有效性用不同的适应度函数证明。期望通过使用语言术语来评估常见漏洞，可以实现具有更好容错性的更实用的估计。