An empirical measure of computer security strength for vulnerability remediation

Remediating all vulnerabilities on computer systems in a timely and cost effective manner is difficult given that the window of time between the announcement of a new vulnerability and an automated attack has decreased. Hence, organizations need to prioritize the vulnerability remediation process on their computer systems.The goal of this research was to determine and measure vulnerabilities in computer systems to build a model of computer security strength and to determine the set of vulnerabilities that tend to be remotely exploited. Assigning a vulnerability score from the Common Vulnerability Scoring System (CVSS) was utilized to develop the model. After building the security strength model, a regression analysis was conducted on data empirically collected from a honeypot established to analyze which vulnerabilities tend to be targeted based on the security strength of a computer system.By having a standardized method to quantify computer security strength, organizations can make decisions on how to address computer security issues pertinent to their vulnerability remediation processes.