TY  - EJOU
AU  - Tan, Tiantian 
AU  - Wang, Baosheng 
AU  - Tang, Yong 
AU  - Zhou, Xu 
AU  - Han, Jingwen 

TI  - A Method for Vulnerability Database Quantitative Evaluation
T2  - Computers, Materials \& Continua

PY  - 2019
VL  - 61
IS  - 3
SN  - 1546-2226

AB  - During system development, implementation and operation, vulnerability database technique is necessary to system security; there are many vulnerability databases but a lack of quality standardization and general evaluation method are needed. this paper summarized current international popular vulnerability databases, systematically introduced the present situation of current vulnerability databases, and found the problems of vulnerability database technology, extracted common metrics by analyzing vulnerability data of current popular vulnerability databases, introduced 4 measure indexes: the number scale of vulnerabilities, the independence level, the standardization degree and the integrity of vulnerability description, proposed a method for vulnerability database quantitative evaluation using SCAP protocol and corresponding standard, analyzed a large number of vulnerabilities in current popular vulnerability database, quantitative evaluated vulnerability database by the law of normal distribution, the experimental results show this method has strong versatility and science, and it is beneficial to improve the quality and standardization construction for vulnerability database development.
KW  - Vulnerability management
KW  -  vulnerability database
KW  -  quantitative evaluation

DO  - 10.32604/cmc.2019.06051