Estimation of Software Security Risks through CVSS: A Design Phase Perspective


Syed Anas Ansar, Savarni Prakas Srivastava, Jaya Yadav, Mohd. Waris Khan, Amitabha Yadav, Raees Ahmad Khan


In today's world, software makes work more straightforward and more manageable for users, employees, and organizations. It makes our working environment more comfortable, but on the other hand, it has security issues. Over the last two decades, software security has become a prime focus for security organizations as well as security practitioners. As the use of software grows, the level of security risk associated with it also increases. In most cases, 'compromising in design' is one of the critical security risks. Software security risks are weaknesses in the software that accidentally allow hazardous operations. Valuable assets must be protected, which requires giving prime concern to the security mechanism. Hence, prompt detection and remediation of software security risks is a crucial issue in software security. In this paper, the researchers have laid stress on software security risk at the design phase and listed some common software security risks from CWE, i.e., the Common Weakness Enumeration. In addition, the researchers have described the CVSS 3.1 vulnerability scoring mechanism and calculated the scores of the listed security risks to prioritize them by exploitability, impact, and base score.
