http://dx.doi.org/10.13089/JKIISC.2012.22.6.1407

Quantitative Scoring Criteria on the Importance of Software Weaknesses  

Ahn, Joonseon (Korea Aerospace University)
Bang, Ji-Ho (Korea Internet Security Agency)
Lee, Eunyoung (Dongduk Women's University)
Abstract
In order to protect a software system from security attacks, it is important to remove software security weaknesses throughout the entire software development life cycle. To remove software weaknesses more effectively, they are continuously prioritized and ranked. In this paper, we introduce the existing scoring systems for software weaknesses and software vulnerabilities, and propose a new quantitative standard for a scoring system that helps evaluate the importance of a software weakness objectively. We also demonstrate the practicability of the proposed standard by scoring the 2011 CWE/SANS Top 25 list with it and comparing the result to MITRE's original scores.
Keywords
software security; software weakness; software vulnerability; scoring system