Fraunhofer-Gesellschaft

Publica

Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Environmental aware vulnerability scoring

 
: Eitel, Andreas

Institute for Systems and Technologies of Information, Control and Communication -INSTICC-, Setubal:
5th International Conference on Internet of Things, Big Data and Security, IoTBDS 2020. Proceedings : Online Streaming, 7th - 9th May 2020
Setúbal: SciTePress, 2020
ISBN: 978-989-758-426-8
S.478-490
International Conference on Internet of Things, Big Data and Security (IoTBDS) <5, 2020, Online>
Englisch
Konferenzbeitrag
Fraunhofer IESE ()
CVSS; Environmental Metrics; IT-security; Network Security

Abstract
When assessing the CVSS value of a vulnerability, the Environmental Metrics are often ignored. There are several reasons for this. However, this score is essential for the prioritization of vulnerabilities. The author proposes an approach that should generate the environmental score systematically and highly automated. For this purpose, various information about the systems and the network is needed, which should be managed in a model. An algorithm uses the linked information to automatically determine the Environmental Metrics. Experts without a security background should thus be able to determine this score in the same way as experts. The results should also be repeatable and independent of the evaluator.

: http://publica.fraunhofer.de/dokumente/N-603256.html