A1 Refereed original research article in a scientific journal
A Look at the Time Delays in CVSS Vulnerability Scoring
Authors: Jukka Ruohonen
Publisher: Elsevier
Publication year: 2017
Journal: Applied Computing and Informatics
eISSN: 2210-8327
DOI: https://doi.org/10.1016/j.aci.2017.12.002
Web address : https://www.sciencedirect.com/science/article/pii/S2210832717302995
Self-archived copy’s web address: https://arxiv.org/abs/1801.00938
This empirical paper examines the time delays that occur between the publication of Common Vulnerabilities and Exposures (CVEs) in the National Vulnerability Database (NVD) and the Common Vulnerability Scoring System (CVSS) information attached to published CVEs. According to the empirical results based on regularized regression analysis of over eighty thousand archived vulnerabilities, (i) the CVSS content does not statistically influence the time delays, which, however, (ii) are strongly affected by a decreasing annual trend. In addition to these results, the paper contributes to the empirical research tradition of software vulnerabilities by a couple of insights on misuses of statistical methodology.
Downloadable publication This is an electronic reprint of the original article. |  |
