Cyber security for Commercial Off-The-Shelf (COTS) and open source software systems – A new system-to-function Vulnerability/Impact Assessment Methodology (VI-AM) based on the Common Vulnerabilities Exposures / Common Vulnerability Scoring System (CVE/CVSS) databases (Version 1.0)


  1. Couture, M.
Corporate Authors
Defence Research and Development Canada, Valcartier Research Centre, Quebec QC (CAN)
Operating systems and software applications will likely always contain software flaws that may be exploited by hackers to attack Governmental computing infrastructure. Assessing the presence of vulnerabilities in these systems and their potential impacts on military operations are important tasks that must be performed to identify and apply the best corrective actions that will make these systems and the services they deliver more “cyber secure.” This Scientific Report presents a new methodology, the Vulnerability Impact Assessment Methodology (VI-AM). VI-AM can be used to assess vulnerabilities in software systems and the effects they may produce at the system and operational function levels. This methodology uses publicly available standardized CVE/CVSS datasets and metrics to express: a) required maximum impacts that can be tolerated at the operational functions level, and b) actual computed impacts for the same functions (based on vulnerability scans). Gap analyses then generate information to help prioritize corrective actions on the systems to make operational functions more cyber secure.

Il y a un résumé en français ici.

Cyber-threat;Online cyber-surveillance;vulnerability assessment process
Report Number
DRDC-RDDC-2017-R148 — Scientific Report
Date of publication
01 Nov 2017
Number of Pages
Electronic Document(PDF)

Permanent link

Document 1 of 1

Date modified: