All

What are you looking for?

All
Projects
Results
Organizations

Quick search

  • Projects supported by TA ČR
  • Excellent projects
  • Projects with the highest public support
  • Current projects

Smart search

  • That is how I find a specific +word
  • That is how I leave the -word out of the results
  • “That is how I can find the whole phrase”

Manager asks: Which vulnerability must be eliminated first?

The result's identifiers

  • Result code in IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26220%2F21%3APU138410" target="_blank" >RIV/00216305:26220/21:PU138410 - isvavai.cz</a>

  • Result on the web

    <a href="http://dx.doi.org/10.1007/978-3-030-69255-1_10" target="_blank" >http://dx.doi.org/10.1007/978-3-030-69255-1_10</a>

  • DOI - Digital Object Identifier

    <a href="http://dx.doi.org/10.1007/978-3-030-69255-1_10" target="_blank" >10.1007/978-3-030-69255-1_10</a>

Alternative languages

  • Result language

    angličtina

  • Original language name

    Manager asks: Which vulnerability must be eliminated first?

  • Original language description

    Nowadays, the number of discovered vulnerabilities increases rapidly. In 2018, the 17, 308 vulnerabilities were discovered and during the 2019 even more, so up to 20, 362. The serious problem is that a substantial part of them is rated as critical or at least labeled as as high according the CVSS (Common Vulnerability Scoring System). This fact causes a problem, the designers and/or developers do not know which vulnerability should be eliminated at the first place. Time for removal of the vulnerability is crucial from the practical point of cyber security. The main contribution of the article is a proposal of a new method that is used for prioritizing vulnerabilities. The aim of the proposed method is to eliminate the disadvantages of approaches commonly used today. Our method improves the prioritization of vulnerabilities utilizing the parameters: the possibility of exploitation, availability of information about them and knowledge obtained by Threat Intelligence. These three parameters are highly important, especially for newly discovered vulnerabilities, where a priority can differ from day to day. We evaluate the functionality of the proposed method utilizing the production environment of a medium-sized company and we copare results with CVSS method (30 servers, 200 end-stations).

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

  • OECD FORD branch

    10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Result continuities

  • Project

    <a href="/en/project/TJ04000456" target="_blank" >TJ04000456: Modular application for complex penetration tests realization and IT security management</a><br>

  • Continuities

    P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Others

  • Publication year

    2021

  • Confidentiality

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Data specific for result type

  • Article name in the collection

    Innovative Security Solutions for Information Technology and Communications

  • ISBN

    978-3-030-69254-4

  • ISSN

    0302-9743

  • e-ISSN

  • Number of pages

    18

  • Pages from-to

    1-18

  • Publisher name

    Springer

  • Place of publication

    Neuveden

  • Event location

    Bucharest

  • Event date

    Nov 19, 2020

  • Type of event by nationality

    WRD - Celosvětová akce

  • UT code for WoS article