Developing a Value-Based Software Vulnerability Patching Scheme
Auvinen, Teemu (2024-12-18)
The publication is subject to copyright regulations. The work may be read and printed for personal use. Use for commercial purposes is prohibited.
closed
The permanent address of the publication is:
https://urn.fi/URN:NBN:fi-fe20241219105617
Abstract
A problem faced by many companies with a sizable cyber ecosystem is the prevalence of security vulnerabilities affecting their various resources. Not all vulnerabilities are created equal: one may merely allow a slight inconvenience in very specific conditions, and another may enable a malicious party to completely hijack a system at will. Many systems for classifying them, such as CVSS, exist and are widely used, but they generally do not objectively represent the risk that the presence of a vulnerability poses. In this thesis we aim to deliver a set of schemes that first help define the more difficult aspects of CVSS. We then use a set of risk management and vulnerability analysis tools to create a tool for evaluating the financial risk that vulnerabilities impose, and finally craft a framework for prioritizing vulnerability management work in a way that is comparable with other work done in the organization.