Vulnerability classification (CVSS) in Cybersecurity - Time & Space Complexity
We want to understand how the time to classify vulnerabilities using CVSS grows as the number of vulnerabilities increases.
How does the effort change when more vulnerabilities need scoring?
Analyze the time complexity of the following vulnerability classification process.
```
for each vulnerability in vulnerability_list:
    gather vulnerability details
    calculate base score
    calculate temporal score
    calculate environmental score
    assign overall CVSS score
    store score in database
```
This code scores each vulnerability using CVSS metrics and saves the result.
Look for the repeated steps that take the most time.
- Primary operation: Looping through each vulnerability to calculate scores.
- How many times: Once for every vulnerability in the list.
Each new vulnerability adds roughly the same amount of work.
| Input Size (n) | Approx. Operations |
|---|---|
| 10 | 10 sets of score calculations |
| 100 | 100 sets of score calculations |
| 1000 | 1000 sets of score calculations |
Pattern observation: The work grows directly with the number of vulnerabilities.
Time Complexity: O(n)
This means the time to classify vulnerabilities grows in a straight line as more vulnerabilities are added.
[X] Wrong: "Classifying multiple vulnerabilities can be done instantly regardless of how many there are."
[OK] Correct: Each vulnerability needs its own scoring steps, so more vulnerabilities mean more total work.
Understanding how classification time grows helps you explain efficiency in real security tools and processes.
"What if the scoring process included nested checks for related vulnerabilities? How would the time complexity change?"