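"Cloud Security Alliance (CSA): 2024 Research Report on Key Issues in Vulnerability Data (English Edition) (27 pages).pdf" was shared by a member and can be read online. For more related to "Cloud Security Alliance (CSA): 2024 Research Report on Key Issues in Vulnerability Data (English Edition) (27 pages).pdf (27-page collector's edition)", search on 三个皮匠报告.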
Top Concerns with Vulnerability Data

The permanent and official location for the Vulnerability Data Working Group is https://cloudsecurityalliance.org/research/working-groups/vulnerability-data

2024 Cloud Security Alliance. All Rights Reserved. You may download, store, display on your computer, view, print, and link to the Cloud Security Alliance at https://cloudsecurityalliance.org subject to the following: (a) the draft may be used solely for your personal, informational, noncommercial use; (b) the draft may not be modified or altered in any way; (c) the draft may not be redistributed; and (d) the trademark, copyright or other notices may not be removed. You may quote portions of the draft as permitted by the Fair Use provisions of the United States Copyright Act, provided that you attribute the portions to the Cloud Security Alliance.

Copyright 2024, Cloud Security Alliance. All rights reserved.

Acknowledgments

Lead Authors
Abhineeth Pasam
Ahaan Sinha

Reviewers
Alan Curran MSc
Anita Whitby
Charan Akiri
Clifton Fernandes
Debrup Ghosh
Edward Newman
Gene Schank
James Morgan-Jones
Mallika Gunturu
Mark Szalkiewicz
Meghana Parwate
Michael Roza
Prateek Mittal
Rahul Kalva
Rajashekar Yasani
Rhitvik Sinha
Shruti Dhumak
Sudheer Vallandas
Vani Murthy

CSA Global Staff
Josh Buker
Stephen Lumpe
Kurt Seifried

Table of Contents

Acknowledgments
Table of Contents
Introduction
Role of Vulnerability Data
Current State of Vulnerability Data
Identifying the Current Challenges
CVE
Data Quality and Fidelity
Perverse Incentives to not Create CVEs
Finding Relevant Vulnerability Data
Notifying Project Maintainers
Lack of Interoperability
Resolving Disputes
Complexity of Reporting Vulnerabilities
Increasing Number of CVEs Every Year
CVSS
Disadvantages of CVSS
Inability to Prior