Methodology for Evaluating the Fitness of Vulnerability Assessment Tools for Automated Computer Network Defence

  1. Montuno, D.
Corporate Authors
Defence Research and Development Canada, Ottawa Research Centre, Ottawa ON (CAN);Solana Networks - Ottawa, ON (CAN)
This document describes a methodology for generating acceptance and scoring criteria for evaluating vulnerability assessment tools. The requirement for this methodology was driven by previous evaluation efforts, in which it became clear that there was no existing method or process for performing such an evaluation. Furthermore, comparison between tools was found to be difficult because each solution presented its findings and recommendations in different ways. Vulnerability assessment tools can offer varying capabilities, including asset discovery, vulnerability discovery, remediation, and in some cases, penetration testing. They have also grown in coverage breadth, from assessing software and configurations on traditional networks to assessing web applications and cloud deployments. Vulnerability assessment is also part of vulnerability management, which is in turn part of overall security risk management. Given the large number of tools with different capabilities across this problem space, evaluating them for fitness depends on the specific needs of the consumer. In this general context, we investigate and research the methodology, including its scoring method, for evaluating vulnerability assessment tools for enabling automated Computer Network Defence (CND). By following the provided methodology, the evaluator will be able to extract the vulnerability assessment characteristics and use them to formulate acceptance criteria and scoring cards. Using these with evidence collected from the e

Methodology;Vulnerability Scanner;Assessment
Report Number
DRDC-RDDC-2019-C082 — Contract Report
Date of publication
01 Apr 2019
Number of Pages
