IVSV: An Improved CVSS Base Score Mechanism with Vulnerability Type
Gagandeep Chawla1, Neeraj Sharma2, Narender Kumar Rawal3
1Gagandeep Chawla*, Computer Applications, Punjab Technical University, Jalandhar, India.
2Dr. Neeraj Sharma, Management & Computer Applications, GJIMT, Mohali, India.
3Dr. Narender Kumar, Computer Science & Engineering H.N.B Garhwal University, Srinagar, India.
Manuscript received on July 05, 2019. | Revised Manuscript received on August 14, 2019. | Manuscript published on August 30, 2019. | PP: 4946-4950 | Volume-8 Issue-6, August 2019. | Retrieval Number: F9245088619/2019©BEIESP | DOI: 10.35940/ijeat.F9245.088619
Open Access | Ethics and Policies | Cite | Mendeley
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: Increased demand of Software and Applications offer intruders to perform malicious activities and exploit user’s personal data. Ignorance of security measures and tools while coding the software promotes the vulnerabilities and flaws. Developing a secure and bug free software is a big challenge for a developer and needs proper attention towards safety features. A single security mistake can lead to a loss of important information or confidential business data. Software companies and other organizations are looking for improved vulnerability security systems to narrow down the risk of vulnerabilities. Risks like social security attacks, bugs, phishing emails, vulnerabilities, virus attacks and more, hover over the IT industry. Threats are possible from all directions and in many different ways, so having an adequate vulnerability scoring mechanism is highly needed to reduce the risk of attacks. Identifying these threats before they get close enough to do damage is the most practical way to handle them. CVSS-V2 (Common Vulnerability Scoring System) is a standard for scoring the severity of vulnerabilities. CVSS-V2 uses three equations (Base, Temporal and Environmental) to capture and rate vulnerability severity. Numerous IT companies and government organizations rely on CVSS to evaluate and prioritize vulnerabilities. This paper proposes a method as an improvement over CVSS-V2 scoring system by introducing “Vulnerability type” in its base score equation.
Keywords: CVSS-V2, Vulnerability type, IVSV, NVD.