
An Improved Scoring System for Software Vulnerability Prioritization

In: Quality, IT and Business Operations

Author

Listed:
  • Ruchi Sharma

    (Indira Gandhi Delhi Technical University for Women)

  • R. K. Singh

    (Indira Gandhi Delhi Technical University for Women)

Abstract

A number of software vulnerabilities are detected during the software life cycle. Some vulnerabilities are critical and require immediate analysis and a plan for their fixation, while the ones with a low damage potential can be left unattended for some time while fixing the more critical ones. Prioritization of vulnerabilities helps in determining the order of vulnerability response for increased efficiency and effective utilization of resources. Existing prioritization techniques are static in their approach, and the score once generated remains associated with the vulnerability. However, the impact of the vulnerability will vary over a period of time. In this paper, we propose a dynamic scoring system for vulnerability prioritization that takes into account two temporal attributes, namely, vulnerability index and remediation level, which significantly affect the severity of a vulnerability.

Suggested Citation

  • Ruchi Sharma & R. K. Singh, 2018. "An Improved Scoring System for Software Vulnerability Prioritization," Springer Proceedings in Business and Economics, in: P.K. Kapur & Uday Kumar & Ajit Kumar Verma (ed.), Quality, IT and Business Operations, pages 33-43, Springer.
  • Handle: RePEc:spr:prbchp:978-981-10-5577-5_3
    DOI: 10.1007/978-981-10-5577-5_3
    Citations

    Cited by:

    1. Ruchi Sharma & Ritu Sibal & Sangeeta Sabharwal, 2021. "Software vulnerability prioritization using vulnerability description," International Journal of System Assurance Engineering and Management, Springer; The Society for Reliability, Engineering Quality and Operations Management (SREQOM), India, and Division of Operation and Maintenance, Lulea University of Technology, Sweden, vol. 12(1), pages 58-64, February.
