CVSS information update by analyzing vulnerability information
First Claim
1. An automated system for automatic update of a Common Vulnerability Scoring System (CVSS) score, the system comprising:
- electronic circuitry for implementing vulnerability information analyzing functionality to analyze preexisting vulnerability information via;
recognizing a URL linking to a source of vulnerability advisory information related to the preexisting vulnerability information, andrecognizing a pattern of text corresponding to the preexisting vulnerability information of a vulnerability record,wherein the preexisting vulnerability information relates to at least one of a vulnerability or an attack vector, the vulnerability associated with a preexisting CVSS score, and the preexisting CVSS score being based at least partially on the preexisting vulnerability information;
electronic circuitry for implementing vulnerability information extraction functionality, responsive to the recognizing the pattern of text, to extract new vulnerability information via;
retrieving the URL, andscanning the source for a section related to the vulnerability advisory information that corresponds to the new vulnerability information,wherein the new vulnerability information relates to the at least one of the vulnerability or the attack vector; and
electronic circuitry for implementing CVSS score updating functionality to employ the new vulnerability information to update the preexisting CVSS score.
8 Assignments
0 Petitions
Accused Products
Abstract
An automated system for automatic update of a Common Vulnerability Scoring System (CVSS) score, the system including vulnerability information analyzing functionality to analyze preexisting vulnerability information, the preexisting vulnerability information relating to at least one of at least one vulnerability and at least one attack vector thereof, the at least one vulnerability having a preexisting CVSS score, the preexisting CVSS score being based at least partially on the preexisting vulnerability information, vulnerability information extraction functionality, responsive to the analyzing preexisting vulnerability information, to extract new vulnerability information, the new vulnerability information relating to the at least one of the at least one vulnerability and the at least one attack vector thereof, and CVSS score updating functionality to employ the new vulnerability information to update the preexisting CVSS score.
24 Citations
20 Claims
-
1. An automated system for automatic update of a Common Vulnerability Scoring System (CVSS) score, the system comprising:
-
electronic circuitry for implementing vulnerability information analyzing functionality to analyze preexisting vulnerability information via; recognizing a URL linking to a source of vulnerability advisory information related to the preexisting vulnerability information, and recognizing a pattern of text corresponding to the preexisting vulnerability information of a vulnerability record, wherein the preexisting vulnerability information relates to at least one of a vulnerability or an attack vector, the vulnerability associated with a preexisting CVSS score, and the preexisting CVSS score being based at least partially on the preexisting vulnerability information; electronic circuitry for implementing vulnerability information extraction functionality, responsive to the recognizing the pattern of text, to extract new vulnerability information via; retrieving the URL, and scanning the source for a section related to the vulnerability advisory information that corresponds to the new vulnerability information, wherein the new vulnerability information relates to the at least one of the vulnerability or the attack vector; and electronic circuitry for implementing CVSS score updating functionality to employ the new vulnerability information to update the preexisting CVSS score. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A computing device for automatic update of a Common Vulnerability Scoring System (CVSS) score, including a non-transitory, tangible computer-readable medium with computer program instructions stored thereon, the instructions, when executed by a processor, cause the processor to:
-
recognize text corresponding to preexisting vulnerability information of a vulnerability record, and recognize a source of vulnerability advisory information related to the preexisting vulnerability information, wherein the preexisting vulnerability information relates to at least one of a vulnerability or an attack vector, the vulnerability associated with a preexisting CVSS score, and the preexisting CVSS score being based at least partially on the preexisting vulnerability information; responsive to the recognized text corresponding to the preexisting vulnerability information, extract new vulnerability information from the source, wherein the new vulnerability information relates to the at least one of the vulnerability or the attack vector; and employ the new vulnerability information to update the preexisting CVSS score. - View Dependent Claims (8, 9, 10, 11)
-
-
12. A method for automatic update of a Common Vulnerability Scoring System (CVSS) score, said method being implemented in a computing system comprising at least one physical processor, the method comprising:
-
analyzing preexisting vulnerability information of a vulnerability record; analyzing a source of vulnerability advisory information related to said preexisting vulnerability information, wherein the preexisting vulnerability information relates to at least one of a vulnerability or an attack vectors, the vulnerability associated with a preexisting CVSS score, and the preexisting CVSS score including a temporal score based at least partially on the preexisting vulnerability information; responsive to the analyzing preexisting vulnerability information, extracting, from the source, new vulnerability information corresponding to a vulnerability property of a temporal score metric, wherein the new vulnerability information relates to the at least one of the vulnerability or the attack vector; and employing the new vulnerability information to update the temporal score of the preexisting CVSS score of a CVSS score record corresponding to the vulnerability record. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
-
Specification