Funding: This work is supported by the National Key R&D Program of China under Grants 2017YFB 0802300, and by the National Natural Science Fund (No. 0901065614001).
Abstract: Vulnerability database techniques are necessary to system security during system development, implementation and operation. There are many vulnerability databases, but they lack quality standardization, and a general evaluation method is needed. This paper summarizes the currently popular international vulnerability databases, systematically introduces their present situation, and identifies the problems of vulnerability database technology. It extracts common metrics by analyzing the vulnerability data of currently popular vulnerability databases and introduces 4 measurement indexes: the number scale of vulnerabilities, the independence level, the standardization degree, and the integrity of the vulnerability description. It proposes a method for quantitative evaluation of vulnerability databases using the SCAP protocol and the corresponding standard, analyzes a large number of vulnerabilities in currently popular vulnerability databases, and quantitatively evaluates the vulnerability databases by the law of normal distribution. The experimental results show that this method is highly versatile and scientific, and that it is beneficial to improving the quality and standardized construction of vulnerability databases.
Funding: Part of the BIZDEVOPS-GLOBALUMU project (No. RTI2018-098309-B-C33), supported by the Spanish Ministry of Economy and Competitiveness and the European Fund for Regional Development (ERDF).
Abstract: Computer security is a matter of great interest. In the last decade there have been numerous cases of cybercrime based on the exploitation of software vulnerabilities. This fact has generated great social concern and given greater importance to computer security as a discipline. In this work, the most important vulnerabilities of recent years are identified, classified, and categorized individually. A measure of the impact of each vulnerability is used to carry out this classification, considering the number of products affected by each vulnerability, as well as its severity. In addition, the categories of vulnerabilities that have the greatest presence are identified. Based on the results obtained in this study, we can understand the consequences of the most common vulnerabilities, which software products are affected, how to counteract these vulnerabilities, and what their current trend is.