pith. sign in

arxiv: 2206.11182 · v1 · pith:Q2ELVRURnew · submitted 2022-06-22 · 💻 cs.CR · cs.AI

Vulnerability Prioritization: An Offensive Security Approach

classification 💻 cs.CR cs.AI
keywords approachvulnerabilitiescvssoffensiveprioritizationprioritizingsecurityvulnerability
0
0 comments X
read the original abstract

Organizations struggle to handle sheer number of vulnerabilities in their cloud environments. The de facto methodology used for prioritizing vulnerabilities is to use Common Vulnerability Scoring System (CVSS). However, CVSS has inherent limitations that makes it not ideal for prioritization. In this work, we propose a new way of prioritizing vulnerabilities. Our approach is inspired by how offensive security practitioners perform penetration testing. We evaluate our approach with a real world case study for a large client, and the accuracy of machine learning to automate the process end to end.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.