Table of Contents Author Guidelines Submit a Manuscript
Journal of Applied Mathematics
Volume 2014, Article ID 932397, 9 pages
http://dx.doi.org/10.1155/2014/932397
Research Article

A Software Vulnerability Rating Approach Based on the Vulnerability Database

School of Software, Tsinghua University, Beijing 100084, China

Received 14 March 2014; Accepted 14 May 2014; Published 29 May 2014

Academic Editor: Xiaoyu Song

Copyright © 2014 Jian Luo et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. M. Bozorgi, L. K. Saul, S. Savage, and G. M. Voelker, “Beyond heuristics: learning to classify vulnerabilities and predict exploits,” in Proceedings of the 16th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD '10), pp. 105–113, July 2010. View at Publisher · View at Google Scholar · View at Scopus
  2. N. Poolsappasit, R. Dewri, and I. Ray, “Dynamic security risk management using Bayesian attack graphs,” IEEE Transactions on Dependable and Secure Computing, vol. 9, no. 1, pp. 61–74, 2012. View at Publisher · View at Google Scholar · View at Scopus
  3. Forum of Incident Response and Security Teams, “CVSS Adopters,” http://www.first.org/cvss/eadopters.html.
  4. National Institute of Standards and Technology, “National vulnerability database,” http://nvd.nist.gov/.
  5. P. Mell, K. Scarfone, and S. Romanosky, “Common vulnerability scoring system (CVSS),” 2011, http://www.first.org/cvss/cvss-guide.html.
  6. K. Scarfone and P. Mell, “An analysis of CVSS version 2 vulnerability scoring,” in Proceedings of the 3rd International Symposium on Empirical Software Engineering and Measurement (ESEM '09), pp. 516–525, October 2009. View at Publisher · View at Google Scholar · View at Scopus
  7. National Infrastructure Advisory Council, “Common vulnerability scoring system,” 2004, http://www.first.org/cvss/cvss-dhs-12-02-04.pdf.
  8. G. Reid, P. Mell, and K. Scarfone, “Cvss-sig version 2 history,” Forum of Incident Response and Security Teams, June 2009, http://www.first.org/cvss/history.html.
  9. MITRE Corporation, “Common vulnerabilities and exposures (cve),” August 2009, http://cve.mitre.org/.
  10. National Institute of Standards and Technology, “National vulnerability database cvss scoring,” August 2009, http://nvd.nist.gov/cvss.cfm.