A Method for Vulnerability Database Quantitative Evaluation

During system development, implementation and operation, vulnerability database technique is necessary to system security; there are many vulnerability databases but a lack of quality standardization and general evaluation method are needed. this paper summarized current international popular vulnerability databases, systematically introduced the present situation of current vulnerability databases, and found the problems of vulnerability database technology, extracted common metrics by analyzing vulnerability data of current popular vulnerability databases, introduced 4 measure indexes: the number scale of vulnerabilities, the independence level, the standardization degree and the integrity of vulnerability description, proposed a method for vulnerability database quantitative evaluation using SCAP protocol and corresponding standard, analyzed a large number of vulnerabilities in current popular vulnerability database, quantitative evaluated vulnerability database by the law of normal distribution, the experimental results show this method has strong versatility and science, and it is beneficial to improve the quality and standardization construction for vulnerability database development.