U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: Peter Mell (Fed)

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 76 - 100 of 129

Intrusion Detection and Prevention Systems

October 22, 2010
Author(s)
Karen A. Scarfone, Peter M. Mell
Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents. An intrusion detection and prevention system (IDPS) is software that automates the intrusion detection

State of Security Readiness

June 10, 2010
Author(s)
Ramaswamy Chandramouli, Peter M. Mell
Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. However, the

An Analysis of CVSS Version 2 Vulnerability Scoring

October 14, 2009
Author(s)
Karen A. Scarfone, Peter M. Mell
The Common Vulnerability Scoring System (CVSS) is a specification that is used to measure the relative severity of software vulnerabilities. CVSS version 2, which was finalized in June 2007, was designed to address several deficiencies discovered during

Vulnerability Scoring for Security Configuration Settings

October 29, 2008
Author(s)
Karen A. Scarfone, Peter M. Mell
The best-known vulnerability scoring standard, the Common Vulnerability Scoring System (CVSS), is designed to quantify the severity of security-related software flaw vulnerabilities. This paper describes our efforts to determine if CVSS could be adapted

Improving the Common Vulnerability Scoring System

September 28, 2007
Author(s)
Peter M. Mell, Karen A. Scarfone
The Common Vulnerability Scoring System is an emerging standard for scoring the impact of vulnerabilities. This paper presents the results of our analysis of the scoring system and the results of our experiment scoring a large set of vulnerabilities using

A Complete Guide to the Common Vulnerability Scoring System Version 2.0

July 30, 2007
Author(s)
Peter M. Mell, Karen A. Scarfone, Sasha Romanosky
The Common Vulnerability Scoring System (CVSS) provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. CVSS consists of three groups: Base, Temporal and Environmental. Each group produces a numeric score ranging

CVSS-SIG Version 2 History

July 30, 2007
Author(s)
Peter M. Mell, Karen A. Scarfone, Gavin Reid
This document attempts to interpret the history and rationale behind changes made in the Common Vulnerability Scoring System (CVSS) from version 1 to version 2 (referred to as CVSS v1 and v2 in this document.) This document contains multiple appendices

Guide to Intrusion Detection and Prevention Systems (IDPS)

February 20, 2007
Author(s)
Karen A. Scarfone, Peter M. Mell
The National Institute of Standards and Technology (NIST) developed this document in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. This publication seeks to assist

Common Vulnerability Scoring System

December 29, 2006
Author(s)
Peter M. Mell, Karen Kent Scarfone, Sasha Romanosky
Organizations struggle to assess the relative importance of software vulnerabilities across disparate hardware and software platforms. They must prioritize vulnerabilities and remediate those that pose the greatest risk. However, most software vendors and