Conversion of CVSS Base Score from 2.0 to 3.1

In this paper an application of machine learning algorithms (MLA) to convert the Common Vulnerability Scoring System (CVSS) ratings from version 2.0 to 3.1 is discussed. CVSS is an international industry standard that describes vul-nerabilities and provides measurable risk indicators. By 2015, only...

Full description

Saved in:
Bibliographic Details
Main Authors: Nowak, Maciej, Walkowski, Michal, Sujecki, Slawomir
Format: Conference Proceeding
Language:English
Subjects:
Computer networks
CVSS score
Industries
machine learning
Machine learning algorithms
Measurement
Organizations
security
Software
Standards organizations
well-known vulnerabili-ties
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:In this paper an application of machine learning algorithms (MLA) to convert the Common Vulnerability Scoring System (CVSS) ratings from version 2.0 to 3.1 is discussed. CVSS is an international industry standard that describes vul-nerabilities and provides measurable risk indicators. By 2015, only version 2.0 of CVSS was used, while the latest and most advanced CVSS version - 3.1, was introduced in 2019. Due to a large number of vulnerabilities found to date, not all publicly known vulnerabilities have been assigned a CVSS 3.1 score. This situation hinders many organizations in moving from CVSS 2.0 to 3.1 standard. The application of machine learning algorithms presented in this contribution allows calculation of the missing CVSS 3.1 scores and thus should facilitate for many organisations the transition to CVSS 3.1 standard. The method additionally provides repeatable conversions of base metrics parameters to newer standard with efficiency higher than 90% (median).
ISSN:1847-358X
DOI:10.23919/SoftCOM52868.2021.9559092