| 一种通用漏洞评级方法 |
| |
| 引用本文: | 王秋艳,张玉清.一种通用漏洞评级方法[J].计算机工程,2008,34(19):133-136. |
| |
| 作者姓名: | 王秋艳 张玉清 |
| |
| 作者单位: | 1. 西安电子科技大学通信工程学院,西安,710071;中国科学院研究生院国家计算机网络入侵防范中心,北京,100043
2. 中国科学院研究生院国家计算机网络入侵防范中心,北京,100043 |
| |
| 基金项目: | 国家自然科学基金,国家高技术研究发展计划(863计划) |
| |
| 摘 要: | 漏洞是网络安全事件的主要根源,漏洞的大量存在及其带来的危害使漏洞评级变得尤为重要。该文分析目前著名安全机构和生产厂商对漏洞进行评级的特点,介绍通用缺陷评估系统(CVSS)及其存在的缺点,在CVSS的基础上提出一种更完善的定量评级方法CVRS,通过评估实例说明了CVRS的有效性和优越性。
|
| 关 键 词: | 漏洞 通用缺陷评估系统 评级方法 |
| 修稿时间: | |
Common Vulnerability Rating Method |
| |
| WANG Qiu-yan,ZHANG Yu-qing.Common Vulnerability Rating Method[J].Computer Engineering,2008,34(19):133-136. |
| |
| Authors: | WANG Qiu-yan ZHANG Yu-qing |
| |
| Affiliation: | (1. School of Telecommunication Engineering, Xidian University, Xi’an 710071; 2. National Computer Network Intrusion Protection Center, Graduate University of Chinese Academy of Sciences, Beijing 100043) |
| |
| Abstract: | Vulnerability is the main origin of network security incident. A large number of vulnerabilities and their dangers make rating vulnerabilities become particularly important. This paper analyzes well-known security agencies and manufacturers’ characteristics of rating vulnerability, introduces the Common Vulnerability Scoring System(CVSS) and its shortcomings, proposes a more complete quantitative rating system CVRS on the basis of CVSS against CVSS’s shortcomings, and illustrates the validity and superiority of CVRS through some instances. |
| |
| Keywords: | vulnerability Common Vulnerability Scoring System(CVSS) rating method |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
