Academic paper
Is Vulnerability Report Confidence Redundant? Pitfalls Using Temporal Risk Scores
Document Type
Periodical
Author
Source
IEEE Security & Privacy IEEE Secur. Privacy Security & Privacy, IEEE. 19(4):44-53 Aug, 2021
Subject
Language
ISSN
1540-7993
1558-4046
Abstract
The Common Vulnerability Scoring System score is the de facto standard for assessing the risk of software vulnerabilities, with three temporal components: exploitability, remediation level, and report confidence. We discuss how the latter may be inferred from the first two, pointing out practical and conceptual issues in the usage of temporal risk scores.