Modeling the Operations of the Vulnerability Ecosystem
October 2018 • Poster
This poster describes models, metrics, datasets, and key performance indicators developed to improve vulnerability response.
Software Engineering Institute
Measuring Vulnerability Response (VR) solely by vulnerability management (VM) metrics underserves defenders because disclosure practices upstream are inadequate. This inadequacy highlights a deeper problem: while many defenders are familiar with VM practices, they do not recognize the importance of the Coordinated Vulnerability Disclosure (CVD) process that feeds into it. This work developed models, metrics, datasets, and key performance indicators for VR practices that account for CVD as well as VM.