RAND researcher launches project on scoring and patching vulnerabilities by companies

A new project to expand and improve the ability of companies to rank and more effectively patch vulnerabilities threatening their systems will be a game changer, according to a RAND Corporation researcher and co-author of an open standard for scoring computer vulnerabilities, which the effort will build on.

“Right now we’re using really simple strategies of severity,” said Sasha Romanosky a policy researcher at RAND who wrote the Common Vulnerability Scoring System standard and is collaborating with others at the...