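Abstract
In risk assessment, the choice of vulnerability rating standard is an important basis for assigning security levels. The paper introduces the many standards currently used in the information security community to define vulnerability ratings, analyzes the problems of the multi-vendor, multi-standard model, proposes the Common Vulnerability Scoring System, analyzes in depth each of the system's components and its scoring rules, and illustrates its soundness with an example.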
In risk assessment, the choice of vulnerability rating standard is very important for the security rating result. This paper introduces the vulnerability rating definition standards in the information security field, analyzes the problems of the multi-vendor, multi-standard pattern, and thus proposes the Common Vulnerability Scoring System. Through careful analysis of each component and the scoring rules of the system, the paper finally gives an example of how to apply the system to the MS06-056 vulnerability.
Source
《信息安全与通信保密》
2007, Issue 6, pp. 148-149, 152 (3 pages)
Information Security and Communications Privacy