From the course: Vulnerability Management: Assessing the Risks with CVSS v3.1


CVSS v3.1 formula


- [Instructor] At the most basic level, the formula to calculate vulnerability risk looks like this. Risk equals vulnerability times threat times consequence. The CVSS risk formula takes each of the key metric groups, base, temporal and environmental, and uses them to come up with a mathematical score on a scale of zero to 10, with 10 being the most severe. In practice, a vulnerability that scores 10 on the scale is something like a Heartbleed, a vulnerability that was widely exploited. In practice, vulnerabilities with high CVSS scores are the ones that cause big news headlines. Usually these have catchy names like Heartbleed, Shellshock and WannaCry. And their impacts are big, like decrypting all of your network traffic or gaining administrative access to all of your network. On the other hand, a vulnerability that scores a 5.0 isn't going to make headlines. It may play a part in a breach, but it probably won't be the…
