Track: Cyber Security
Abstract
One of the main security risks is the software vulnerability. A vulnerability, when exploited by an attack, can cause
catastrophic losses to the system. A large number of vulnerabilities have been explored and discovered in computing
systems, and their number has increased manyfold. Security vulnerabilities span entire networks and large
organisations and have to be mitigated by information security engineers on a regular, routine basis. One of the key
challenges for Information Technology (IT) system administrators is how to tackle these vulnerabilities and, more
specifically, which vulnerability to prioritize. All companies recognize the importance of, and the need for,
prioritizing these vulnerabilities. It is not only important to prioritize the vulnerabilities; it is imperative to
utilize a vulnerability evaluation system, whose significant role is to separate these vulnerabilities from each other
through quantitative and qualitative methods. In this paper, we first review, both qualitatively and quantitatively,
the various vulnerabilities within an existing large global multinational company. We explore and analyze 30,000
vulnerabilities across a 3-month time period. The 30,000 vulnerabilities were captured using automated software from
individual systems and the network within the company. The software detects the vulnerabilities and their associated
characteristics and assigns each a severity level based on the severity of the vulnerability; the severity is a score
from 1 to 5, with 1 being the least severe. The captured vulnerabilities span 20 different lab environments and
different operating systems, with various severity levels. The CVSS vulnerability scoring system was utilized for data
from the environment of one of the biggest multinational companies. The researchers analyzed the vulnerabilities using
their various parameters and studied the inherent patterns within the environment. Various variables were analyzed
critically as part of the descriptive analytics. The vulnerabilities were analyzed across the labs. Then each lab was
analyzed using variables like OS, various severity levels, IDs, status of vulnerabilities, CVSS scores, Access Vector,
Attack Complexity, Confidentiality, Integrity, Availability, Exploitability, Systems, categories of systems, Ports, PCI,