Skip to search boxSkip to navigationSkip to main content

A model for android and iOS applications risk calculation: CVSS analysis and enhancement using case-control studies

  • Milda Petraityte
    ,
  • Ali Dehghantanha
    ,
  • Gregory Epiphaniou
Research Output: Chapter in Book/Report/Conference proceeding Chapter Peer-review

Open access

Abstract

Various researchers have shown that the Common Vulnerability Scoring System (CVSS) has many drawbacks and may not provide a precise view of the risks related to software vulnerabilities. However, many threat intelligence platforms and industry-wide standards are relying on CVSS score to evaluate cyber security compliance. This paper suggests several improvements to the calculation of Impact and Exploitability sub-scores within the CVSS, improve its accuracy and help threat intelligence analysts to focus on the key risks associated with their assets. We will apply our suggested improvements against risks associated with several Android and iOS applications and discuss achieved improvements and advantages of our modelling, such as the importance and the impact of time on the overall CVSS score calculation.

Publication Information

Output type

Research Output: Chapter in Book/Report/Conference proceeding Chapter Peer-review

Original language

English

Publication milestones

  • Published - 24/04/2018

Publication status

Published - 24/04/2018

Volume

70

Publisher

Springer, Japan, India, Australia, Germany, United States, United Arab Emirates, Austria, Switzerland, Italy, China, United Kingdom, Netherlands, Brazil, France, Singapore
9783319739519

External Publication IDs

  • handle.net: 10547/624486
  • Scopus: 85046373300

Host publication title

Cyber Threat Intelligence