Risk Scoring System for Software Vulnerability Using Public Vulnerability Information
Kim, Min Cheol (Graduate School of Information Security, Korea University)
Oh, Sejoon (Graduate School of Information Security, Korea University)
Kang, Hyunjae (Graduate School of Information Security, Korea University)
Kim, Jinsoo (Agency for Defense Development)
Kim, Huy Kang (Graduate School of Information Security, Korea University)
1 | Umesh Kumar Singh and Chanchala Joshi, "Quantitative security risk evaluation using CVSS metrics by estimation of frequency and maturity of exploit," Proceedings of the World Congress on Engineering and Computer Science, vol. 1, Oct. 2016. |
2 | Umesh Kumar Singh and Chanchala Joshi, "Quantifying security risk by critical network vulnerabilities assessment," International Journal of Computer Applications vol. 156, no. 13, pp. 26-33, Dec. 2016. |
3 | Siv Hilde Houmb and Virginia N.L. Franqueira, "Estimating ToE risk level using CVSS," Availability, Reliability and Security, 2009, ARES'09, International Conference on. IEEE, Mar. 2009. |
4 | Candace Suh-Lee and Juyeon Jo, "Quantifying security risk by measuring network risk conditions," Computer and Information Science (ICIS), 2015 IEEE/ACIS 14th International Conference on. IEEE, July 2015. |
5 | Young Hoon Moon, Ji Hong Kim, Dong Seong Kim and Huy Kang Kim, "Hybrid attack path enumeration system based on reputation scores," In Computer and Information Technology (CIT), 2016 IEEE International Conference on, IEEE, pp. 241-248, Dec. 2016. |
6 | Joonseon Ahn, Byeong-Mo Chang and EunYoung Lee, "Quantitative scoring system on the importance of software vulnerabilities," Journal of The Korea Institute of Information Security & Cryptology, Aug. 2015. |
7 | Yeu-Pong Lai, Po-Lun Hsia, "Using the vulnerability information of computer systems to improve the network security," Computer Communications vol. 30, no. 9, pp. 2032-2047, June 2007. |
8 | TIOBE, "TIOBE Index for August 2018," https://www.tiobe.com/tiobe-index/, Aug. 2018. |
9 | Thanassis Avgerinos, Sang Kil Cha, Alexandre Rebert, Edward J. Schwartz, Maverick Woo and David Brumley, "Automatic Exploit Generation," Communications of the ACM vol. 57, no. 2, pp. 74-84, Feb. 2014. |
10 | StatCounter GlobalStats, "Operating System Market Share Worldwide - July 2018," http://gs.statcounter.com/osmarket-share, July 2018. |
11 | Reuters, "Global Enterprise Software Market Size, Share, Trends and Forecast by 2022 - Market Research Report 2017," https://www.reuters.com/brandfeatures/venture-capital/article?id=4981, Apr. 2017. |
12 | RAPID7, "Under the Hoodie: 2018," https://www.rapid7.com/globalassets/_pdfs/research/rapid7-under-the-hoodie-2018-research-report.pdf, July 2018. |
13 | Ashish Arora, Ramayya Krishnan, Rahul Telang and Yubao Yang, "An empirical analysis of software vendors' patch release behavior: impact of vulnerability disclosure," Information Systems Research vol. 21, no. 1, pp. 115-132, Mar. 2010. |
14 | Risk Based Security, "2017 Year End Vulnerability QuickView Report," https://pages.riskbasedsecurity.com/2017-q3-vulnerability-quickview-report, Feb. 2018. |
15 | Christian Fruhwirth and Tomi Mannisto, "Improving CVSS-based vulnerability prioritization and response with context information," Proceedings of the 2009 3rd international Symposium on Empirical Software Engineering and Measurement, IEEE Computer Society, Oct. 2009. |
16 | FIRST, "Common Vulnerability Scoring System (CVSS)," https://www.first.org/cvss/ |
17 | MITRE, "Common Weakness Scoring System (CWSS)," http://cwe.mitre.org/cwss/cwss_v1.0.1.html |
18 | Stefan Frei, Martin May, Ulrich Fiedler and Bernhard Plattner, "Large-scale vulnerability analysis," Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense, ACM, Sep. 2006. |
19 | FORRESTER, "Top Cybersecurity Threats In 2018," https://www.forrester.com/report/Top+Cybersecurity+Threats+In+2018/-/E-RES137206, Nov. 2017. |
20 | Mengmeng Ge, Huy Kang Kim and Dong Seong Kim, "Evaluating security and availability of multiple redundancy designs when applying security patches," Dependable Systems and Networks Workshop (DSN-W), 2017 47th Annual IEEE/IFIP International Conference on. IEEE, June 2017. |
21 | Laurent Gallon, "On the impact of environmental metrics on CVSS scores," Social Computing (SocialCom), 2010 IEEE Second International Conference on. IEEE, Aug. 2010. |
22 | Ruyi Wang, Ling Gao, Qian Sun and Deheng Sun, "An improved CVSS-based vulnerability scoring mechanism," Multimedia Information Networking and Security (MINES), 2011 Third International Conference on. IEEE, Nov. 2011. |
23 | Anshu Tripathi and Umesh Kumar Singh, "On prioritization of vulnerability categories based on CVSS scores," Computer Sciences and Convergence Information Technology (ICCIT), 2011 6th International Conference on. IEEE, Dec. 2011. |