Towards an open standard for assessing the severity of robot security vulnerabilities, the Robot Vulnerability Scoring System (RVSS)
This work addresses a critical safety gap in robotics security for developers and users, though it is incremental as it builds upon existing scoring frameworks.
The authors tackled the problem of accurately assessing robot vulnerability severity by creating the Robot Vulnerability Scoring System (RVSS), an open standard that incorporates robotics-specific factors like safety and environmental variables, and experimentally showed it outperforms the existing CVSS in evaluations.
Robots are typically not created with security as a main concern. Contrasting to typical IT systems, cyberphysical systems rely on security to handle safety aspects. In light of the former, classic scoring methods such as the Common Vulnerability Scoring System (CVSS) are not able to accurately capture the severity of robot vulnerabilities. The present research work focuses upon creating an open and free to access Robot Vulnerability Scoring System (RVSS) that considers major relevant issues in robotics including a) robot safety aspects, b) assessment of downstream implications of a given vulnerability, c) library and third-party scoring assessments and d) environmental variables, such as time since vulnerability disclosure or exposure on the web. Finally, an experimental evaluation of RVSS with contrast to CVSS is provided and discussed with focus on the robotics security landscape.