Accession Number:

AD1098014

Title:

Exploit Probabilities Conditioned on CVSS Scores

Descriptive Note:

Technical Report

Corporate Author:

MIT Lincoln Laboratory Lexington United States

Personal Author(s):

Report Date:

2016-11-04

Pagination or Media Count:

15.0

Abstract:

We present data-driven results that probe the relationship between the existence of cyber exploits - a stand-in for threat assessment - with CVSS scores, which are a particular metric of cyber vulnerability. Initial results indicate a roughly power-law relationship with an exponent of 75 plus or minus 14, rising to a maximum of about 9 percent for vulnerabilities with the most severe highest CVSS scores.

Subject Categories:

  • Statistics and Probability
  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE