Cyber security for Commercial Off-The-Shelf (COTS) and open source software systems – A new system-to-function Vulnerability/Impact Assessment Methodology (VI-AM) based on the Common Vulnerabilities Exposures / Common Vulnerability Scoring System (CVE/CVSS) databases (Version 1.0)
- Authors
- Corporate Authors
- Defence Research and Development Canada, Valcartier Research Centre, Quebec QC (CAN)
- Abstract
- Operating systems and software applications will likely always contain software flaws that may be exploited by hackers to attack Governmental computing infrastructure. Assessing the presence of vulnerabilities in these systems and their potential impacts on military operations are important tasks that must be performed to identify and apply the best corrective actions that will make these systems and the services they deliver more “cyber secure.” This Scientific Report presents a new methodology, the Vulnerability Impact Assessment Methodology (VI-AM). VI-AM can be used to assess vulnerabilities in software systems and the effects they may produce at the system and operational function levels. This methodology uses publicly available standardized CVE/CVSS datasets and metrics to express: a) required maximum impacts that can be tolerated at the operational functions level, and b) actual computed impacts for the same functions (based on vulnerability scans). Gap analyses then generate information to help prioritize corrective actions on the systems to make operational functions more cyber secure.
- Keywords
- Cyber-threat; Online cyber-surveillance; vulnerability assessment process
- Report Number
- DRDC-RDDC-2017-R148 — Scientific Report
- Date of publication
- 01 Nov 2017
- Number of Pages
- 30
- DSTKIM No
- CA045423
- CANDIS No
- 805830
- Format(s):
- Electronic Document (PDF)