Journal of Computer Applications (计算机应用) ›› 2010, Vol. 30 ›› Issue (8): 2139-2142.

• Information Security •

Evaluation of vulnerability static severity based on attribute synthetic assessment system

Xiao Yun1, Peng Jinye1, Wang Xuanhong2

  1. Northwest University
  2. Xi'an Institute of Posts and Telecommunications
  • Received: 2010-02-03 Revised: 2010-03-20 Online: 2010-07-30 Published: 2010-08-01
  • Corresponding author: Xiao Yun
  • Supported by:
    National Defense Basic Scientific Research Project; Natural Science Special Project of the Shaanxi Provincial Department of Education

Abstract: To address the problem of evaluating the static severity of computer security vulnerabilities, a method for analyzing vulnerability static severity based on the attribute synthetic assessment system is proposed. The method extracts four indicators from a vulnerability's basic attributes (threat, impact, prevalence, and difficulty of repair) and applies attribute synthetic assessment system theory to evaluate static severity. The result is a two-tuple representation of the vulnerability's static severity, in which the qualitative value gives the static severity rank and the quantitative value gives the static severity score. Application cases show that the method is accurate and effective for evaluating vulnerability static severity. Compared with existing vulnerability severity analysis methods, it combines the advantages of qualitative and quantitative representation and captures the subtle differences in static severity between different vulnerabilities at the same level.

Key words: vulnerability, attribute synthetic assessment system, static severity