Handling and reporting security advisories: A scorecard approach

Cited by: 4
Authors
Lekkas, D [1]
Spinellis, D
Affiliations
[1] Univ Aegean, Dept Prod & Syst Design Engn, Mitilini, Greece
[2] Athens Univ Econ & Business, Dept Management Sci & Technol, Athens, Greece
DOI
10.1109/MSP.2005.98
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
A scorecard approach that provides a practical guide to publishing, reading, evaluating, and handling security advisories is presented. A vulnerability scorecard provides perspective guidelines, based on the goal-question-metric approach, to users and helps them assess the impact of vulnerability disclosures. It is designed to let users record useful information and to help security response centres publish advisories. The scorecard provides a practical solution to the problem of defining a series of metrics, and helps an interested party determine the risks faced by a specific system when evaluating the scorecard for a given security advisory.
Pages: 32-41
Number of pages: 10