ABSTRACT
We propose an infrastructure that helps system administrators to identify a newly published vulnerability on the site hosts, to evaluate the vulnerability threat with respect to the administrators' security priorities, and to repair the vulnerable hosts. The infrastructure foundation is the vulnerability semantics, a small set of attributes for vulnerability definition. We demonstrate that with a few attributes it is possible to define the majority of the known vulnerabilities in a way that facilitates their accurate identification, and enables the administrators to rank the vulnerabilities found according to the organization's security priorities. A large scale experiment demonstrates that our infrastructure can find significant vulnerabilities even in a site with high security awareness.
© Copyright by K.G. Saur Verlag 2004
