You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As mentioned in the training material CVSS has some issues, and in practice it results to a large list of vulnerabilities that need to be addressed even though if it doesn't overlap with the vulnerabilities list that are being exploited or are exploitable. There is the EPSS model from first.org that focuses on that problem. That is on making the list of vulnerabilities to be addressed smaller - i.e., more actionable. What are your thoughts in including this information in addition to CVSS?
The text was updated successfully, but these errors were encountered:
As mentioned in the training material CVSS has some issues, and in practice it results to a large list of vulnerabilities that need to be addressed even though if it doesn't overlap with the vulnerabilities list that are being exploited or are exploitable. There is the EPSS model from first.org that focuses on that problem. That is on making the list of vulnerabilities to be addressed smaller - i.e., more actionable. What are your thoughts in including this information in addition to CVSS?
The text was updated successfully, but these errors were encountered: