Xudong Miao, Yongchun Wang, Xingchen Cao, Binbin Qu, Sheng Jiang, Feng Fang

期刊

期刊名称：IEEE

出版日期：2015

所在页数：424-427

摘要

At present, most of the software security assessment system can only evaluate the potential impact of a single vulnerability on the system which ignore the impact of the multiple vulnerabilities. Therefore, we introduce the concept of relevance vulnerability pattern and design a relevance vulnerability pattern library taking consider of the potential impact caused by multiple vulnerabilities. After that, a software assessment method is given based on relevance vulnerability. Experimental results show that the evaluation results are comprehensive and objective.

关键词

software security assessment; quantitative assessment

[pdf]