The Common Vulnerability Scoring System (CVSS) uses several metrics to assess the severity of vulnerabilities. Among them, the Temporal metric group specifically reflects the exploit quotient of a vulnerability.
Temporal metrics consider factors that change over time after a vulnerability is initially assessed. These include:
Exploit Code Maturity: This assesses the likelihood of the vulnerability being exploited based on the availability and maturity of exploit code.
Remediation Level: The level of remediation available for the vulnerability, which influences the ease of mitigation.
Report Confidence: This metric measures the reliability of the reports about the vulnerability.
These temporal factors directly affect the exploitability and potential threat posed by a vulnerability, adjusting the base score to provide a more current view of the risk.
References
Common Vulnerability Scoring System v3.1: User Guide.
"Understanding CVSS," by FIRST (Forum of Incident Response and Security Teams).
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit