Evaluating the Soundness of Security Metrics from Vulnerability Scoring Frameworks
Title | Evaluating the Soundness of Security Metrics from Vulnerability Scoring Frameworks |
Publication Type | Conference Paper |
Year of Publication | 2020 |
Authors | Samuel, J., Aalab, K., Jaskolka, J. |
Conference Name | 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) |
Date Published | Jan. 2021 |
Publisher | IEEE |
ISBN Number | 978-1-6654-0392-4 |
Keywords | Conferences, decision making, gaussian distribution, Guidelines, Measurement, Metrics, privacy, pubcrawl, security, security metric, security metrics, sound metric, system security, vulnerability scoring |
Abstract | Over the years, a number of vulnerability scoring frameworks have been proposed to characterize the severity of known vulnerabilities in software-dependent systems. These frameworks provide security metrics to support decision-making in system development and security evaluation and assurance activities. When used in this context, it is imperative that these security metrics be sound, meaning that they can be consistently measured in a reproducible, objective, and unbiased fashion while providing contextually relevant, actionable information for decision makers. In this paper, we evaluate the soundness of the security metrics obtained via several vulnerability scoring frameworks. The evaluation is based on the Method for Designing Sound Security Metrics (MDSSM). We also present several recommendations to improve vulnerability scoring frameworks to yield more sound security metrics to support the development of secure software-dependent systems. |
URL | https://ieeexplore.ieee.org/document/9343145 |
DOI | 10.1109/TrustCom50675.2020.00067 |
Citation Key | samuel_evaluating_2020 |