BEYOND VULNERABILITY PRIORITIZATION: UNLOCKING THE COMPREHENSIVE POTENTIAL OF CVSS FOR HOLISTIC CYBERSECURITY
Keywords:
CVSS, Vulnerability Management, Risk Assessment, Prediction Modeling, Security Frameworks
Abstract
The Common Vulnerability Scoring System (CVSS) is primarily known as a tool for prioritizing vulnerabilities in patch management. However, CVSS has broader applications, offering a standardized framework to describe the nuanced characteristics of vulnerabilities that can benefit various aspects of cybersecurity. This paper reexamines CVSS by highlighting its use as a common language across security operations, its predictive value in risk models, and its applications in software development. We argue that CVSS is underutilized and frequently misapplied, advocating for a strategic approach that leverages its descriptive power to enhance cybersecurity decision-making beyond simple scoring.
License
Copyright (c) 2023 Santosh Kumar Kande, Hari Krishna Reddy Swarna (Author)
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.