Vulnerability Management Nirvana: A Study in Predicting Exploitability
When everything is a priority, nothing is. 15% or 10,000 vulnerabilities have a CVSS score of 10. Vendors and practitioners alike use CVSS or their own threat intelligence models to predict which vulnerabilities will be exploited next. We review current options, present a predictive data-driven prioritization model, and perform a longitudinal head-to-head test against CVSS over a 6 month period.