Back to Tags
Prioritization
3 items tagged with "prioritization"
Filter by type:
Glossaries3
Glossary
Exploit Prediction Scoring System (EPSS)
EPSS is a daily-updated probability estimate from FIRST, scoring each CVE from 0 to 1 on how likely it is to be exploited in the wild within the next 30 days.
Glossary
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC is a decision-tree methodology from CMU SEI and CISA that prioritizes vulnerabilities by contextual facts — exploitation status, automatability, and mission impact — rather than a single severity number.
Glossary
Reachability Analysis
Reachability analysis determines whether the vulnerable code inside a dependency is actually invoked by your application, separating exploitable findings from theoretical ones.