English

Vulnerability Prioritization: An Offensive Security Approach

Cryptography and Security 2022-06-23 v1 Artificial Intelligence

Abstract

Organizations struggle to handle sheer number of vulnerabilities in their cloud environments. The de facto methodology used for prioritizing vulnerabilities is to use Common Vulnerability Scoring System (CVSS). However, CVSS has inherent limitations that makes it not ideal for prioritization. In this work, we propose a new way of prioritizing vulnerabilities. Our approach is inspired by how offensive security practitioners perform penetration testing. We evaluate our approach with a real world case study for a large client, and the accuracy of machine learning to automate the process end to end.

Keywords

Cite

@article{arxiv.2206.11182,
  title  = {Vulnerability Prioritization: An Offensive Security Approach},
  author = {Muhammed Fatih Bulut and Abdulhamid Adebayo and Daby Sow and Steve Ocepek},
  journal= {arXiv preprint arXiv:2206.11182},
  year   = {2022}
}

Comments

5 pages

R2 v1 2026-06-24T12:00:25.664Z