| In promoting the rapid development of network technology, the openness and commercialization of the Internet also bring us a variety of network security issues. Moreover, vulnerability is the biggest hidden danger of network security issues and the main origin of network security incident. A large number of vulnerabilities and their varying degrees of harm make rating vulnerabilities become particularly important. The main points of this paper are as follow:1. Studied the collection and dissemination system of security vulnerabilities. Mainly focus on vulnerability information sources, the methods of extracting vulnerability information, the manner of publication vulerability, as well as a good search function.2. Conducted in-depth research on both domestic and foreign security vulnerability rating standards, which focus on analysis of Common Vulnerability Scoring System (CVSS).3. Summarized the principles ideal rating standards should meet. Then in accordance with those principles analyzed the characteristics of existing rating standards and the problems they exist.4. Against these problems, study a new set of metrics and attribute values, the evaluation process, the severity level classification, and illustrated the validity and superiority of CVRS through some examples.5. Realized the vulnerability rating system and the selection system of important vulnerabilities using C#.Based on analysis and research of the existing rating standards, combined with the advantages of manufacturers and security organization's rating system, this paper proposed a more comprehensive rating system CVRS on the basis of CVSS, and realized this rating system and the selection system of important vulnerabilities. |
PDF Full Text Request