Evaluating the Soundness of Security Metrics from Vulnerability Scoring Frameworks

Publication Type: Conference Paper
Year of Publication: 2020
Authors: Samuel, J., Aalab, K., Jaskolka, J.
Conference Name: 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
Date Published: Jan. 2021
Keywords: Conferences, decision making, gaussian distribution, Guidelines, Measurement, Metrics, privacy, pubcrawl, security, security metric, security metrics, sound metric, system security, vulnerability scoring

Over the years, a number of vulnerability scoring frameworks have been proposed to characterize the severity of known vulnerabilities in software-dependent systems. These frameworks provide security metrics to support decision-making in system development and in security evaluation and assurance activities. When used in this context, it is imperative that these security metrics be sound, meaning that they can be consistently measured in a reproducible, objective, and unbiased fashion while providing contextually relevant, actionable information for decision makers. In this paper, we evaluate the soundness of the security metrics obtained via several vulnerability scoring frameworks. The evaluation is based on the Method for Designing Sound Security Metrics (MDSSM). We also present several recommendations to improve vulnerability scoring frameworks so that they yield more sound security metrics to support the development of secure software-dependent systems.

