Characterization of security defects and analysis of vulnerability criticality in software for automated systems of internal affairs bodies

Abstract

Read online

Objective. The purpose of the study is to theoretically analyze security defects and study the criticality of vulnerabilities in software used in modern automated systems of internal affairs agencies.Method. A systematic approach method was used to consider the essence of the problem of assessing the security of software of automated systems of internal affairs bodies and the criticality of its vulnerabilities.Result. The results of an analysis of theoretical aspects of the study of vulnerabilities in software of automated systems are presented. The components of typical software used in the automated workstation of a user of a modern automated system of internal affairs bodies were analyzed for the presence of known vulnerabilities presented in the US National Vulnerability Database and the Data Bank of Information Security Threats of the Federal Service for Technical and Export Control of Russia, obtaining basic estimates for standard Common Vulnerability Scoring System versions 3.0 and 3.1.Conclusion. Carry out timely updates of the software used based on the selection of its optimal version in terms of security level. The main directions of activity for conducting a quantitative assessment of the level of software security in automated systems of internal affairs bodies are outlined, taking into account its vulnerabilities in real time.

Keywords

• automated system
• software
• vulnerability
• vulnerability danger level
• vulnerability criticality level
• software security level
• quantitative assessment of security level