XVRS: Extended Vulnerability Risk Scoring based on Threat Intelligence

Ensar Seker, Weizhi Meng

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

Abstract

Vulnerability scoring is a powerful tool for managing vulnerabilities and the associated risk. It is used to uncover and assess security vulnerabilities in various systems, networks, and applications. Vulnerability scoring has become an integral part of vulnerability management, which is, in turn, an essential component of any cybersecurity program. By implementing threat intelligence (e.g., vulnerability scoring), security professionals can identify and address potential threats more efficiently. Threat intelligence provides key recommendations to security teams that use a risk-based approach to decide how to respond to incidents. In addition, incorporating a prioritization process—with guidance from a framework—helps professionals make informed decisions about the best mitigation strategies. Moreover, threat intelligence provides real-time context, equipping security teams to respond quickly to new threats as they emerge. Threat intelligence comes in a number of different flavors, each of which leverages different strategies to facilitate vulnerability management and help security teams prioritize vulnerabilities and respond to incidents faster.However, in most cases, vulnerability scores are calculated based on the perceived severity of the vulnerability—but not the estimated risk. This work highlights the importance of vulnerability intelligence (i.e., threat intelligence that focuses on vulnerabilities) and how it can be used to help security professionals make better decisions about mitigating vulnerabilities and the associated risk. In particular, we introduce a new algorithm, dubbed XVRS (Extended Vulnerability Risk Scoring), to calculate vulnerability scores by incorporating the element of risk into the calculation.
Original languageEnglish
Title of host publicationProceedings of the 2023 IEEE International Conference on Metaverse Computing, Networking and Applications
PublisherIEEE
Publication date2023
Pages516-523
ISBN (Print)979-8-3503-3334-3
ISBN (Electronic)979-8-3503-3333-6
DOIs
Publication statusPublished - 2023
Event2023 IEEE International Conference on Metaverse Computing, Networking and Applications - Kyoto, Japan
Duration: 26 Jun 202328 Jun 2023

Conference

Conference2023 IEEE International Conference on Metaverse Computing, Networking and Applications
Country/TerritoryJapan
CityKyoto
Period26/06/202328/06/2023

Keywords

  • Dark Web
  • Computer hacking
  • Social networking (online)
  • Metaverse
  • Databases
  • Organizations
  • Data breach

Fingerprint

Dive into the research topics of 'XVRS: Extended Vulnerability Risk Scoring based on Threat Intelligence'. Together they form a unique fingerprint.

Cite this