Affiliation:
1. The Aerospace Corporation
Abstract
The Common Vulnerability Scoring System is at the core of vulnerability management for systems of private corporations to highly classified government networks, allowing organizations to prioritize remediation in descending order of risk. With a lack of justification for its underlying formula, inconsistencies in its specification document, and no correlation to exploited vulnerabilities in the wild, it is unable to provide a meaningful metric for describing a vulnerability's severity, let alone risk. As it stands, this standard compromises the security of America's most sensitive information systems.
Publisher
Association for Computing Machinery (ACM)
Cited by
5 articles.