Hi , I am trying to understand how a Vulnerability Reports risk score is being calculated. any help on this will be highly appreciated.
So I guess to start with the vulnerability. There’s a score of 1-1000. The higher the score, the higher the risk based on CVSS. If it’s actively exploited or the ease of exploit or if there is a malware kit, these things can all raise the score. Speaking about this report, it will take the assets in scope and will sum up any with that vulnerability. So risk score divided by assets will get you the score for that vulnerability. Does this clear things up?
Thank you Dereko…Yes! this should help.