Exploit Probabilities Conditioned on CVSS Scores
MIT Lincoln Laboratory Lexington United States
Pagination or Media Count:
We present data-driven results that probe the relationship between the existence of cyber exploits - a stand-in for threat assessment - with CVSS scores, which are a particular metric of cyber vulnerability. Initial results indicate a roughly power-law relationship with an exponent of 75 plus or minus 14, rising to a maximum of about 9 percent for vulnerabilities with the most severe highest CVSS scores.
- Statistics and Probability
- Computer Systems Management and Standards