Security Vulnerability Assessment for Software Version Upgrade

Software installed on a computer does have security vulnerabilities to which an attacker can have access and do harm to the computer. It is known to be a good practice to install updates or upgrade versions of the software regularly to improve features, stability, and security, but often those updates and upgrades are ignored or delayed for several reasons. In addition, the new releases may come with some other vulnerabilities themselves. The motivation of this paper is to give information to computer users about the impact of software upgrade in terms of severity of the vulnerabilities that would result from the upgrade, in comparison with that of the vulnerabilities of the currently installed software. We propose a method to assess security vulnerabilities of the installed and the latest versions based on the CVSS vulnerability scoring system. Severity of vulnerabilities will be reported to suggest whether the upgrade is really needed to improve security. We also present an assessment tool that supports both personal and corporate use.