Approved
The use of vulnerability data for risk assessment
Jenny Martinsson ()
Start
2020-08-31
Presentation
2021-06-10 10:15
Location:
https://lu-se.zoom.us/j/65459923766
Finished:
2021-06-11
Master's thesis:
Abstract
This master thesis is written at Debricked AB whose product is used to handle vulnerabilities in dependencies, open-source code, and other libraries. To do this they use several information sources, and among them, the NVD database. NVD is one database that also contains a CVSS score which measures the severity of a vulnerability. In this master thesis, we want to build an easy-to-use template for determining the environmental score in the CVSS, which is dependent on the environment and thus not given by NVD. We also aim to investigate how to use the environmental score to build parts of a risk framework based on the ISO 27000 standards and the NIST risk management framework. The outcome of this master thesis will contribute to how we can use the CVSS score and other information security properties to make both generic risk assessments, but also how it can be used to make specific risk assessments for individual clients.
Supervisor: Henrik Tehler () and Martin Hell (EIT)
Examiner: Thomas Johansson (EIT)