RAND researcher launches project on scoring and patching vulnerabilities by companies

By Mariam Baksh  
July 5, 2019 at 10:00 AM
A new project to expand and improve the ability of companies to rank and more effectively patch vulnerabilities threatening their systems will be a game changer, according to a RAND Corp. researcher and co-author of an open standard for scoring computer vulnerabilities, which the effort will build on. "Right now, we're using really simple strategies of severity," said Sasha Romanosky, a policy researcher at RAND who wrote the Common Vulnerability Scoring System standard and is collaborating with others at the...

Not a subscriber? Sign up for 30 days free access to exclusive, behind-the-scenes reporting on the Trump administration's defense buildup and the response by the coming Democrat-controlled House of Representatives.

Log in to access this content.