Paper Abstract and Keywords |
Presentation |
2024-03-22 15:45
Software Vulnerability Risk Growth Model for CVSS 4 Metrics Sora Okada, Takashi Minohara, Masaya Shimakawa (Takushoku Univ.) CPSY2023-47 DC2023-113 |
Abstract |
(in Japanese) |
(See Japanese page) |
(in English) |
Information system administrators must pay attention to system vulnerability information and take appropriate measures against security attacks on the systems they manage. However, as the number of security vulnerability reports increases, the time required to implement vulnerability remediation also increases, so vulnerability risks must be assessed and prioritized. Especially in the early stages of vulnerability discovery, such as zero-day attacks, the risk assessment must consider changes over time, since it takes time for the attack and countermeasures to spread.
The Common Vulnerability Scoring System (CVSS) is widely used for vulnerability risk assessment, but it cannot be said to cope sufficiently with temporal changes in the risk of attacks. We have proposed a software vulnerability risk growth model that focuses on the difference between the reservation time and the publication time of CVEs. The model is based on CVSS version 3.1, but the official specification of CVSS version 4.0 was published in 2023, and CVSS 3.1 will be replaced by version 4.0 in the near future. In this study, we examined how to adapt our vulnerability risk growth model to CVSS 4.0. We also report the results of applying the model to CVSS 4.0 examples. |
Keyword |
(in Japanese) |
(See Japanese page) |
(in English) |
Vulnerability / Risk assessment / CVE / CVSS / Time dependency |
Reference Info. |
IEICE Tech. Rep., vol. 123, no. 451, DC2023-113, pp. 53-58, March 2024. |
Paper # |
DC2023-113 |
Date of Issue |
2024-03-14 (CPSY, DC) |
ISSN |
Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
Conference Information |
Committee |
DC CPSY IPSJ-SLDM IPSJ-EMB IPSJ-ARC |
Conference Date |
2024-03-21 - 2024-03-23 |
Place (in Japanese) |
(See Japanese page) |
Place (in English) |
Ikinoshima Hall |
Topics (in Japanese) |
(See Japanese page) |
Topics (in English) |
ETNET2024 |
Paper Information |
Registration To |
DC |
Conference Code |
2024-03-DC-CPSY-SLDM-EMB-ARC |
Language |
Japanese |
Title (in Japanese) |
(See Japanese page) |
Sub Title (in Japanese) |
(See Japanese page) |
Title (in English) |
Software Vulnerability Risk Growth Model for CVSS 4 Metrics |
Keyword(1) |
Vulnerability |
Keyword(2) |
Risk assessment |
Keyword(3) |
CVE |
Keyword(4) |
CVSS |
Keyword(5) |
Time dependency |
1st Author's Name |
Sora Okada |
1st Author's Affiliation |
Takushoku University (Takushoku Univ.) |
2nd Author's Name |
Takashi Minohara |
2nd Author's Affiliation |
Takushoku University (Takushoku Univ.) |
3rd Author's Name |
Masaya Shimakawa |
3rd Author's Affiliation |
Takushoku University (Takushoku Univ.) |
Speaker |
Author-2 |
Date Time |
2024-03-22 15:45:00 |
Presentation Time |
25 minutes |
Registration for |
DC |
Paper # |
CPSY2023-47, DC2023-113 |
Volume (vol) |
vol.123 |
Number (no) |
no.450(CPSY), no.451(DC) |
Page |
pp.53-58 |
#Pages |
6 |
Date of Issue |
2024-03-14 (CPSY, DC) |
|