Internet-scale vulnerability risk assessment (Extended Abstract) Research proposal
Allodi, Luca
2013-01-01
Abstract
Vulnerability risk assessment is a crucial process in security management, and the CVSS score is the de facto standard risk metric for software vulnerabilities. In this manuscript I show that current risk assessment methodologies do not fit real “in the wild” attack data. I also present my three-step plan to identify an Internet-scale risk assessment methodology that accounts for attacker economics and opportunities. Eventually, I want to provide answers like the following: “If we deploy this security measure, the fraction of our users affected by this type of cyber attack will be less than X%”.