METHODS AND SYSTEMS FOR IMPROVED RISK SCORING OF VULNERABILITIES
Abstract
A security tool can identify vulnerabilities in a computing system and determine a risk level of the vulnerabilities based on base and optional CVSS vectors and additional factors that represent the evolving nature of vulnerabilities. Likewise, the security tool can determine an overall risk for vulnerabilities, an asset, and/or a collection of assets that encompasses a global view of an asset's risk and/or collection of assets' risk, business considerations of an entity that owns and controls the asset and/or the collection of assets, and the entity's associations.
31 Claims
1. A method for security testing, comprising:
- identifying a vulnerability in an asset;
- identifying whether the vulnerability is utilized by an existing malicious software program; and
- determining a risk level of the vulnerability based on whether the vulnerability is utilized by the existing malicious software program.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A method for security testing, comprising:
- identifying a vulnerability in an asset;
- identifying that the asset is hosting virtual machines or that the asset is a virtual machine; and
- determining a risk level of the vulnerability based on the asset hosting the virtual machines or based on the asset being a virtual machine.

Dependent claims: 11, 12, 13, 14, 15, 16

17. A method for security testing, comprising:
- identifying a vulnerability in an asset;
- determining a risk level of the vulnerability based on the vulnerability's ability to affect the asset;
- determining a classification of the asset based on a value of the asset; and
- determining an overall risk to the asset based on the risk level of the vulnerability and the classification of the asset.

Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31
Specification