Vulnerability risk assessment is a crucial process in security management, and the CVSS score is the standard-de-facto risk metric for software vulnerabilities. In this manuscript I show that current risk assessment methodologies do not fit real “in the wild” attack data. I also present my three-steps plan to identify an Internet-scale risk assessment methodology that accounts for attacker economics and opportunities. Eventu- ally, I want to provide answers like the following: “If we de- ploy this security measure, the fraction of our users affected by this type of cyber attacks will be less than X%”.

Internet-scale vulnerability risk assessment (Extended Abstract) Research proposal

Allodi, Luca
2013

Abstract

Vulnerability risk assessment is a crucial process in security management, and the CVSS score is the standard-de-facto risk metric for software vulnerabilities. In this manuscript I show that current risk assessment methodologies do not fit real “in the wild” attack data. I also present my three-steps plan to identify an Internet-scale risk assessment methodology that accounts for attacker economics and opportunities. Eventu- ally, I want to provide answers like the following: “If we de- ploy this security measure, the fraction of our users affected by this type of cyber attacks will be less than X%”.
Proceeding of the 2012 USENIX Workshop on Large-Scale Exploits and Emergent Threats
USA
USENIX Association
Allodi, Luca
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/11572/33428
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact