Open Access
2014 A Software Vulnerability Rating Approach Based on the Vulnerability Database
Jian Luo, Kueiming Lo, Haoran Qu
J. Appl. Math. 2014(SI11): 1-9 (2014). DOI: 10.1155/2014/932397


CVSS is a specification for measuring the relative severity of software vulnerabilities. The performance values of the CVSS given by CVSS-SIG cannot describe the reasons for the software vulnerabilities. This approach fails to distinguish between software vulnerabilities that have the same score but different levels of severity. In this paper, a software vulnerability rating approach (SVRA) is proposed. The vulnerability database is used by SVRA to analyze the frequencies of CVSS’s metrics at different times. Then, the equations for both exploitability and impact subscores are given in terms of these frequencies. SVRA performs a weighted average of these two subscores to create an SVRA score. The score of a vulnerability is dynamically calculated at different times using the vulnerability database. Experiments were performed to validate the efficiency of the SVRA.


Download Citation

Jian Luo. Kueiming Lo. Haoran Qu. "A Software Vulnerability Rating Approach Based on the Vulnerability Database." J. Appl. Math. 2014 (SI11) 1 - 9, 2014.


Published: 2014
First available in Project Euclid: 1 October 2014

Digital Object Identifier: 10.1155/2014/932397

Rights: Copyright © 2014 Hindawi

Vol.2014 • No. SI11 • 2014
Back to Top