The Common Misuse Scoring System (CMSS) : metrics for software feature misuse vulnerabilities / Elizabeth Van Ruitenbeek, Karen Scarfone.
- Format:
- Book
- Government document
- Author/Creator:
- Van Ruitenbeek, Elizabeth
- Series:
- NISTIR ; 7515.
- NIST special publication. Computer security
- NIST interagency report ; 7517. Computer security
- Language:
- English
- Subjects (All):
- Software configuration management--Standards--Government policy--United States.
- Software configuration management.
- Computer security--Standards--Government policy--United States.
- Computer security.
- United States.
- Physical Description:
- 1 online resource (v, 31 pages)
- Edition:
- Draft.
- Other Title:
- CMSS
- Metrics for software feature misuse vulnerabilities
- Place of Publication:
- Gaithersburg, MD : U.S. Dept. of Commerce, National Institute of Standards and Technology, [2009]
- Summary:
- The Common Misuse Scoring System (CMSS) consists of a set of measures of the severity of software feature misuse vulnerabilities. A software feature misuse vulnerability is present when the trust assumptions made when designing software features can be abused in a way that violates security. Misuse vulnerabilities allow attackers to use for malicious purposes the functionality that was intended to be beneficial. CMSS is derived from the Common Vulnerability Scoring System (CVSS), which was developed to score the severity of vulnerabilities due to software flaws. The CMSS measures are divided into three categories: base, temporal, and environmental. Base metrics assess the intrinsic exploitability of the vulnerability and the impact on confidentiality, integrity, and availability. Temporal metrics measure the time-varying aspects of vulnerability severity, such as the prevalence of exploits. Environmental metrics measure the aspects of vulnerability severity to an organization's environment, such as the local implementation of remediation measures. CMSS also includes a formula that combines those measures to produce a severity score for each vulnerability. CMSS enables organizations to make security decisions based on a standardized quantitative assessment of their vulnerability to software feature misuse.
- Notes:
- Title from title screen (viewed on June 23, 2009).
- "February 2009."
- Includes bibliographical references.
- OCLC:
- 407049953