Risk evaluation for a vulnerability assessment system on a data communication network from a collection of threats

Abstract

A private network is scanned to identify devices, and profiling identified devices for vulnerabilities. A score is determined from a Common Vulnerability Scoring System (CVSS) database for each vulnerability individually that characterizes severity. A score is determined for a collection of vulnerabilities. Exponential tapering functions curb an influence of large numbers of low priority threats on the collection score. The collection threat score increases with severity of the collection of vulnerabilities.

CPC Classifications