Abstract
Vulnerability scoring is a powerful tool for managing vulnerabilities and the associated risk. It is used to uncover and assess security vulnerabilities in various systems, networks, and applications. Vulnerability scoring has become an integral part of vulnerability management, which is, in turn, an essential component of any cybersecurity program. By implementing threat intelligence (e.g., vulnerability scoring), security professionals can identify and address potential threats more efficiently. Threat intelligence provides key recommendations to security teams that use a risk-based approach to decide how to respond to incidents. In addition, incorporating a prioritization process—with guidance from a framework—helps professionals make informed decisions about the best mitigation strategies. Moreover, threat intelligence provides real-time context, equipping security teams to respond quickly to new threats as they emerge. Threat intelligence comes in a number of different flavors, each of which leverages different strategies to facilitate vulnerability management and help security teams prioritize vulnerabilities and respond to incidents faster. However, in most cases, vulnerability scores are calculated based on the perceived severity of the vulnerability—but not the estimated risk. This work highlights the importance of vulnerability intelligence (i.e., threat intelligence that focuses on vulnerabilities) and how it can be used to help security professionals make better decisions about mitigating vulnerabilities and the associated risk. In particular, we introduce a new algorithm, dubbed XVRS (Extended Vulnerability Risk Scoring), to calculate vulnerability scores by incorporating the element of risk into the calculation.
Original language | English |
---|---|
Title of host publication | Proceedings of the 2023 IEEE International Conference on Metaverse Computing, Networking and Applications |
Publisher | IEEE |
Publication date | 2023 |
Pages | 516-523 |
ISBN (Print) | 979-8-3503-3334-3 |
ISBN (Electronic) | 979-8-3503-3333-6 |
Publication status | Published - 2023 |
Event | 2023 IEEE International Conference on Metaverse Computing, Networking and Applications - Kyoto, Japan Duration: 26 Jun 2023 → 28 Jun 2023 |
Conference
Conference | 2023 IEEE International Conference on Metaverse Computing, Networking and Applications |
---|---|
Country/Territory | Japan |
City | Kyoto |
Period | 26/06/2023 → 28/06/2023 |
Keywords
- Dark Web
- Computer hacking
- Social networking (online)
- Metaverse
- Databases
- Organizations
- Data breach