The Common Misuse Scoring System (CMSS) : metrics for software feature misuse vulnerabilities

The Common Misuse Scoring System (CMSS) consists of a set of measures of the severity of software feature misuse vulnerabilities. A software feature misuse vulnerability is present when the trust assumptions made when designing software features can be abused in a way that violates security. Misuse vulnerabilities allow attackers to use functionality that was intended to be beneficial for malicious purposes. CMSS is derived from the Common Vulnerability Scoring System (CVSS), which was developed to score the severity of vulnerabilities due to software flaws. The CMSS measures are divided into three categories: base, temporal, and environmental. Base metrics assess the intrinsic exploitability of the vulnerability and its impact on confidentiality, integrity, and availability. Temporal metrics measure the time-varying aspects of vulnerability severity, such as the prevalence of exploits. Environmental metrics measure the aspects of vulnerability severity specific to an organization's environment, such as the local implementation of remediation measures. CMSS also includes a formula that combines those measures to produce a severity score for each vulnerability. CMSS enables organizations to make security decisions based on a standardized quantitative assessment of their vulnerability to software feature misuse.

eBook, English, [2009]
U.S. Dept. of Commerce, National Institute of Standards and Technology, Gaithersburg, MD, [2009]