Developing a Value-Based Software Vulnerability Patching Scheme
This publication is subject to copyright regulations. The work may be read and printed for personal use. Use for commercial purposes is prohibited.
Abstract
A problem faced by many companies with a sizable cyber ecosystem is the prevalence of security vulnerabilities affecting their various resources. Not all vulnerabilities are created equal: one may merely allow a slight inconvenience in very specific conditions, while another may enable a malicious party to completely hijack a system at will. Many systems for classifying them, such as CVSS, exist and are widely used, but they generally do not objectively represent the risk that the presence of a vulnerability poses. In this thesis we aim to deliver a set of schemes that first help define the more difficult aspects of CVSS; we then use a set of risk management and vulnerability analysis tools to create a tool for evaluating the financial risk that vulnerabilities impose, and finally craft a framework for prioritizing vulnerability management work in a way that is comparable with other work done in the organization.