Following from Robot hacking: the Robot Security Framework (RSF) and seeing the good reception it had, I’m sharing here another piece of our work that’s been made publicly available:
The Robot Vulnerability Scoring System (RVSS) is an open and free to access vulnerability scoring system for robots. Created upon a review of CVSS3, it considers major relevant issues in robotics including a) robot safety aspects, b) assessment of downstream implications of a given vulnerability, c) library and third-party scoring assessments and d) environmental variables, such as time since vulnerability disclosure or exposure on the web. Find below a the material related to RVSS:
- Article introducing RVSS
- Python 3 implementation of RVSS
- White paper with a more theoretical background.
RVSS aims to become the de-facto standard for rating robot vulnerabilities. If with contrast to CVSS, RVSS is focused on the robotics security landscape. Contributions are welcome.