Common Vulnerability Rating Method

doi:10.3969/j.issn.1000-3428.2008.19.046

Computer Engineering ›› 2008, Vol. 34 ›› Issue (19): 133-136,.

• Security Technology • Previous Articles Next Articles

Common Vulnerability Rating Method

WANG Qiu-yan1,2, ZHANG Yu-qing2

(1. School of Telecommunication Engineering, Xidian University, Xi’an 710071; 2. National Computer Network Intrusion Protection Center, Graduate University of Chinese Academy of Sciences, Beijing 100043)

Received:1900-01-01 Revised:1900-01-01 Online:2008-10-05 Published:2008-10-05

一种通用漏洞评级方法

王秋艳1,2，张玉清2

(1. 西安电子科技大学通信工程学院，西安 710071；2. 中国科学院研究生院国家计算机网络入侵防范中心，北京 100043)

Abstract

Abstract: Vulnerability is the main origin of network security incident. A large number of vulnerabilities and their dangers make rating vulnerabilities become particularly important. This paper analyzes well-known security agencies and manufacturers’ characteristics of rating vulnerability, introduces the Common Vulnerability Scoring System(CVSS) and its shortcomings, proposes a more complete quantitative rating system CVRS on the basis of CVSS against CVSS’s shortcomings, and illustrates the validity and superiority of CVRS through some instances.

Key words: vulnerability, Common Vulnerability Scoring System(CVSS), rating method

摘要： 漏洞是网络安全事件的主要根源，漏洞的大量存在及其带来的危害使漏洞评级变得尤为重要。该文分析目前著名安全机构和生产厂商对漏洞进行评级的特点，介绍通用缺陷评估系统(CVSS)及其存在的缺点，在CVSS的基础上提出一种更完善的定量评级方法CVRS，通过评估实例说明了CVRS的有效性和优越性。

关键词: 漏洞, 通用缺陷评估系统, 评级方法

CLC Number:

TP309

WANG Qiu-yan; ZHANG Yu-qing. Common Vulnerability Rating Method[J]. Computer Engineering, 2008, 34(19): 133-136,.

王秋艳;张玉清. 一种通用漏洞评级方法[J]. 计算机工程, 2008, 34(19): 133-136,.

/ Recommend / Download Citations

URL:

https://www.ecice06.com/EN/Y2008/V34/I19/133

[1]	LIU Zhuang, GU Kangzheng, TAN Xin, ZHANG Yuan. Automatic Generation of Code for Heap Spraying Object Manipulation Targeting Kernel Vulnerability Exploitation [J]. Computer Engineering, 2025, 51(4): 178-187.
[2]	GAO Shan, WANG Chengyu, BI Chengming, ZHU Tieying. Smart Contract Reentrancy Vulnerability Detection Based on Symbolic Execution [J]. Computer Engineering, 2024, 50(10): 196-204.
[3]	Sha ZHOU, Guowei SHEN, Chun GUO. Vulnerability Information Completion Based on Security Knowledge Graph and Reverse Features [J]. Computer Engineering, 2024, 50(1): 145-155.
[4]	ZHANG Liqun, PAN Zulie, HUANG Hui, WANG Ruipeng, LI Yang. Research on Automatic Verification Method of Tcache Poisoning Heap Vulnerability Based on Symbolic Execution [J]. Computer Engineering, 2023, 49(6): 24-33.
[5]	GU Yunjie, WU Changhe, WU Qing, ZHANG Wei, Lü Tianhang, HU Qi, SONG Xiaobin, YAN Jiyu. Cascade Vulnerability Scanning Engine Deployment Strategy for Delay Optimization [J]. Computer Engineering, 2023, 49(3): 161-167,176.
[6]	Huayu LIU, Shuitao GAN, Xiaokang YIN, Xiaolong LIU, Shengli LIU, Hongliang LI. A Gray-box Test Technology Based on Intelligent Inference of Protocol Format [J]. Computer Engineering, 2023, 49(12): 129-135, 145.
[7]	Peng ZHENG, Letian SHA. Java Deserialization Vulnerability Detection Method Based on Hybrid Analysis [J]. Computer Engineering, 2023, 49(12): 136-145.
[8]	LI Minglei, LU Yuliang, HUANG Hui, ZHU Kailong. Guided Grey-Box Fuzzing Test Method Combining Distance and Weight [J]. Computer Engineering, 2021, 47(3): 147-154.
[9]	WANG Hui, ZHAO Ya, ZHANG Juan, LIU Kun. Research on Attack Path Prediction Based on PANAG Model [J]. Computer Engineering, 2020, 46(9): 154-162.
[10]	OUYANG Hengyi, XIONG Yan, HUANG Wenchao. A Formal Modeling and Verification Method for Token Smart Contract [J]. Computer Engineering, 2020, 46(10): 41-45,51.
[11]	ZHANG Wanying, CAO Xiaomei, CHEN Wei. Solution for Environment Interaction Problem in Whitebox Fuzz Testing [J]. Computer Engineering, 2020, 46(1): 216-221.
[12]	WANG Hui, LOU Yalong, DAI Tianwang, RU Xinxin, LIU Kun. Vulnerability Evaluation Algorithm Based on BNAG Model [J]. Computer Engineering, 2019, 45(9): 128-135,142.
[13]	LIAO Fangyuan, GAN Zhiwang. Vulnerability Analysis and Detection of Android System Signature [J]. Computer Engineering, 2019, 45(8): 25-30.
[14]	ZHOU Weiping, YANG Weiyong, WANG Xuehua, MAO Bing. Research on Penetration Testing Tool for Industrial Control System [J]. Computer Engineering, 2019, 45(8): 92-101.
[15]	HUANG He, CHEN Jun, DENG Haojiang. Fuzzy Testing Algorithm for Modbus/TCP Based on Recurrent Neural Networks [J]. Computer Engineering, 2019, 45(7): 164-169.

Please choose a citation manager

Content to export

Common Vulnerability Rating Method

一种通用漏洞评级方法

PDF

Knowledge

Cited

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments

模态框（Modal）标题

Please choose a citation manager

Content to export

Common Vulnerability Rating Method

一种通用漏洞评级方法

PDF

Knowledge

Cited

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments