NopSec Risk Scoring
NopSec utilizes a machine learning (ML) algorithm to calculate its vulnerability risk score. The ML algorithm takes into account many features, including the following data:
- Vulnerability age-related information.
- Multiple CVSS vectors, such as the Access and Authentication Vectors.
- Number of references to a vulnerability within the National Vulnerability Database.
- Number of products affected by the vulnerability.
- Number of vendors affected by a vulnerability.
- Aspects of weaknesses related to the vulnerability.
- Text analysis of the vulnerability’s description.
- Various social media references to the vulnerability, such as the count of tweets mentioning the vulnerability.
- Various attributes of related exploits such as the source, whether the exploit can be utilized remotely, and whether the exploit is proof of concept or weaponized.
NopSec Risk Score Categories
- Urgent: score = 10.0 with malware association. The vulnerability can be exploited in the wild through means such as active malware, ransomware, remote access trojans, exploit kits, and/or targeted attacks.
- Critical: 7.5 < score <= 9.9, or score = 10.0 without malware association. The vulnerability is critical but has no active exploits in the wild.
- High: 5.0 < score <= 7.5
- Medium: 2.5 < score <= 5.0
- Low: 0 < score <= 2.5
- None: score = 0. Informational only.