×

SYSTEM AND METHOD FOR VULNERABILITY RISK ANALYSIS

  • US 20140189873A1
  • Filed: 05/21/2010
  • Published: 07/03/2014
  • Est. Priority Date: 12/21/2009
  • Status: Active Grant
First Claim
Patent Images

1. A method for analyzing risk, the method comprising:

  • accessing, within an electronic system, host configuration information of a host;

    querying a vulnerability database based on said host configuration information;

    receiving a list of vulnerabilities, wherein said list of vulnerabilities corresponds to vulnerabilities of said host;

    accessing a plurality of vulnerability scores;

    determining a composite risk score for at least one of said host and each software product of said host based on said plurality of vulnerability scores, wherein said composite risk score measures at least in part a severity reflecting that an exploited vulnerability is needed by an attacker to compromise at least one of said host and a software product of said host;

    determining an aggregate risk score for at least one of said host and each software product of said host based on said plurality of vulnerability scores, wherein said aggregate risk score measures at least in part a number of options available to said attacker for compromising at least one of said host and a software product of said host; and

    reporting said composite risk score and said aggregate risk score.

View all claims
  • 2 Assignments
Timeline View
Assignment View
    ×
    ×