当前位置:
X-MOL 学术
›
IEEE Secur. Priv.
›
论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Is Vulnerability Report Confidence Redundant? Pitfalls Using Temporal Risk Scores
IEEE Security & Privacy ( IF 1.9 ) Pub Date : 2021-05-05 , DOI: 10.1109/msec.2021.3070978 Francois Boechat 1 , Gabriel Ribas 1 , Lucas Senos 1 , Miguel Bicudo 1 , Mateus Schulz Nogueira 2 , Leandro Pfleger de Aguiar 3 , Daniel Sadoc Menasche 1
IEEE Security & Privacy ( IF 1.9 ) Pub Date : 2021-05-05 , DOI: 10.1109/msec.2021.3070978 Francois Boechat 1 , Gabriel Ribas 1 , Lucas Senos 1 , Miguel Bicudo 1 , Mateus Schulz Nogueira 2 , Leandro Pfleger de Aguiar 3 , Daniel Sadoc Menasche 1
Affiliation
The Common Vulnerability Scoring System score is the de facto standard to assess risk of software vulnerabilities, with three temporal components: exploitability, remediation level, and report confidence. We discuss how the latter may be inferred from the first two, pointing practical and conceptual issues in the usage of temporal risk scores.
中文翻译:
漏洞报告置信度是多余的吗?使用时间风险评分的陷阱
通用漏洞评分系统分数是评估软件漏洞风险的事实标准,具有三个时间组成部分:可利用性、修复级别和报告可信度。我们讨论了如何从前两个中推断出后者,指出了时间风险评分使用中的实际和概念问题。
更新日期:2021-07-06
中文翻译:
漏洞报告置信度是多余的吗?使用时间风险评分的陷阱
通用漏洞评分系统分数是评估软件漏洞风险的事实标准,具有三个时间组成部分:可利用性、修复级别和报告可信度。我们讨论了如何从前两个中推断出后者,指出了时间风险评分使用中的实际和概念问题。
京公网安备 11010802027423号