• Parag Baxi

    Curious to know if CVE severity will be upgraded when additional exploits get published.

    Comment actions Permalink
  • Sanja

    Well, depends on what we mean by severity - if we are talking about the CVSS base score, unlikely, as that score was never designed to take into account  context or temporal evolution of the vulnerability, such as existence of exploits or attacks in the wild (for example, Heartbleed is still rated 5.0) - and as such is not really a measure of risk. If we are talking about risk-scoring algorithms that are aimed at quantifying the actual risk (like the one we have in unified VRM), then yes, the score is likely to increase with additional exploits getting published. 

    Comment actions Permalink

Please sign in to leave a comment.