Methodology, system and computer readable medium for rating computer system vulnerabilities
Abstract
A computerized method for rating computer system vulnerabilities comprises assigning a risk rating to each of a plurality of risk categories associated with identified vulnerabilities, whereby each rating has a value indicative of a level of risk for its corresponding risk category. A resultant risk value is then computed for each identified vulnerability based on the risk ratings, thereby indicating a relative overall risk for each vulnerability. A respective weighting factor can also be assigned to each of the risk ratings. A computer readable medium and a vulnerability rating system for use in assessing computer system vulnerabilities are also provided.
153 Citations
34 Claims
1. A computerized method for use in rating computer system vulnerabilities comprising, with respect to each identified vulnerability:
assigning a risk rating to each of a plurality of risk categories associated with the identified vulnerability, thereby to generate a plurality of risk ratings, each having a risk value indicative of a level of risk for its corresponding risk category; and
computing a resultant risk value for the identified vulnerability based on the risk ratings, thereby to indicate a relative overall risk for the identified vulnerability.
Dependent claims: 2, 3, 4, 5.

6. A computerized method for rating computer system vulnerabilities, comprising:
identifying a plurality of computer system vulnerabilities associated with a selected computer system environment;
associating a plurality of risk categories with each identified vulnerability;
associating a risk level set with each identified risk category;
with respect to each identified vulnerability:
assigning a risk rating for each risk category associated with the identified vulnerability, each said risk rating having an associated risk value indicative of a level of risk for its corresponding risk category; and
computing a resultant risk value based on the assigned risk ratings, thereby to generate a set of resultant risk values each indicative of a relative overall risk for the identified vulnerability; and
creating a prioritized listing of computer system vulnerabilities from the set of resultant risk values.
Dependent claims: 7, 8, 9, 10, 11, 12, 13.

14. A computer readable medium having computer executable instructions for performing a method comprising:
identifying a plurality of computer system vulnerabilities associated with a selected computer system environment;
identifying a risk category set associated with each identified vulnerability;
identifying a risk level set associated with each identified risk category in the risk category set;
with respect to each identified vulnerability:
assigning a risk rating for each associated risk category, wherein each risk rating has a risk value indicative of a level of risk for its associated risk category; and
computing a resultant risk value for the identified vulnerability based on its associated risk ratings, thereby to define a set of resultant risk values each indicative of a relative overall risk for the identified vulnerability; and
creating a prioritized listing of computer system vulnerabilities from the set of resultant risk values.
Dependent claims: 15, 16, 17, 18, 19, 20, 21.

22. A vulnerability rating system for assessing vulnerabilities associated with a selected computer system, comprising:
a storage device;
an output device; and
a processor programmed to:
assign a risk rating to each of a plurality of risk categories associated with each of a plurality of identified computer system vulnerabilities, each risk rating having a risk value indicative of a level of risk for its corresponding risk category;
generate a set of resultant risk values for the computer system by computing a resultant risk value for each identified vulnerability based on the vulnerability's associated risk ratings, each resultant risk value indicative of a relative overall risk for its associated vulnerability;
arrange the set of resultant risk values into a prioritized listing that is stored on said storage device; and
control said output device to display output corresponding to said prioritized listing.
Dependent claims: 23, 24, 25, 26, 27.

28. A vulnerability rating system for assessing vulnerabilities associated with a selected computer system environment, comprising:
storage means;
input means;
output means; and
processing means for:
identifying a plurality of computer system vulnerabilities associated with each of a plurality of different computer system environments, thereby to define associated sets of vulnerabilities;
causing the associated set of vulnerabilities to be stored on said storage means;
with respect to each of said computer system environments, and for each set of vulnerabilities associated therewith:
identifying an associated set of risk categories;
causing the associated set of risk categories to be stored on said storage means;
identifying at least one risk level associated with each identified risk category, thereby to define an associated risk level set;
causing the associated risk level set to be stored on the storage means;
receiving input from said input means corresponding to a risk rating being assigned for each of said risk categories, each risk rating having a risk value indicative of a level of risk for its corresponding risk category; and
computing a resultant risk value (RV) based on said input, thereby to generate a set of resultant risk values each indicative of a relative overall risk for the identified vulnerability; and
creating a vulnerability listing having a selected organization based on the set of resultant risk values.
Dependent claims: 29, 30, 31, 32, 33, 34.
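The independent claims above describe the scheme in the abstract: a risk level set per category, a rating per category per vulnerability, a resultant risk value computed from those ratings (with an optional weighting factor per rating, per the abstract), and a listing ordered by that value. They do not fix the combination rule. The following is an added example written for this page, not code from the patent or from any product; it assumes a weighted sum as the combination rule, and the category names, level sets, weights and sample vulnerabilities are all constructed for illustration.

```python
"""Weighted risk rating and prioritization in the shape the claims describe.

Added example, not the patent's own code. The patent leaves the combination
of per-category ratings open; a weighted sum is assumed here.
"""
from dataclasses import dataclass

# Risk level sets (claim 6: "a risk level set for each identified risk
# category"). Each category maps an ordinal level label to a numeric risk
# value. Categories, labels and values are assumptions for this example.
RISK_LEVELS = {
    "exploitability": {"low": 1, "medium": 2, "high": 3},
    "impact":         {"low": 1, "medium": 2, "high": 3, "critical": 4},
    "exposure":       {"internal": 1, "partner": 2, "internet": 3},
}

# The "respective weighting factor" of the abstract, one per category.
# Values are assumptions; the patent does not prescribe them.
WEIGHTS = {"exploitability": 0.4, "impact": 0.4, "exposure": 0.2}


@dataclass
class Vulnerability:
    name: str
    ratings: dict  # risk category -> level label drawn from that category's level set


def rating_values(vuln, levels=RISK_LEVELS):
    """Map each assigned level label to its risk value.

    Rejects unknown categories, labels outside the category's level set, and
    vulnerabilities missing a rating for any category, so a partially rated
    finding cannot silently score low.
    """
    values = {}
    for cat, level in vuln.ratings.items():
        if cat not in levels:
            raise ValueError(f"{vuln.name}: unknown risk category {cat!r}")
        if level not in levels[cat]:
            raise ValueError(f"{vuln.name}: {level!r} is not in the level set for {cat!r}")
        values[cat] = levels[cat][level]
    missing = set(levels) - set(values)
    if missing:
        raise ValueError(f"{vuln.name}: no rating for {sorted(missing)}")
    return values


def resultant_risk_value(vuln, weights=WEIGHTS, levels=RISK_LEVELS):
    """Resultant risk value (RV) as a weighted sum of per-category values.

    The weighted sum is an assumed combination rule; the claims only require
    that RV be computed "based on the risk ratings".
    """
    values = rating_values(vuln, levels)
    return round(sum(weights[cat] * values[cat] for cat in values), 3)


def prioritized_listing(vulns, weights=WEIGHTS, levels=RISK_LEVELS):
    """Return (name, RV) pairs from highest to lowest RV.

    Ties are broken by name so the listing is deterministic across runs.
    """
    scored = [(v.name, resultant_risk_value(v, weights, levels)) for v in vulns]
    return sorted(scored, key=lambda pair: (-pair[1], pair[0]))


# Constructed sample findings for this example; not results from any real system.
SAMPLE = [
    Vulnerability("default-creds-on-admin-console",
                  {"exploitability": "high", "impact": "critical", "exposure": "internet"}),
    Vulnerability("verbose-error-pages",
                  {"exploitability": "low", "impact": "low", "exposure": "internet"}),
    Vulnerability("outdated-tls-on-internal-api",
                  {"exploitability": "medium", "impact": "high", "exposure": "internal"}),
]

if __name__ == "__main__":
    for name, rv in prioritized_listing(SAMPLE):
        print(f"{rv:5.2f}  {name}")
```

The validation in `rating_values` is the practical point: a rating outside the declared level set, or a category left unrated, is rejected rather than defaulting to zero, because a default of zero would push an unassessed finding to the bottom of the listing. Changing `WEIGHTS` reorders the listing without touching the ratings, which is the separation the abstract's weighting factor provides.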
Specification