Vulnerability
11 items tagged with "vulnerability"
Glossaries11
Common Vulnerabilities and Exposures (CVE)
CVE is a public, standardized catalog that assigns a unique identifier to each publicly disclosed cybersecurity vulnerability, enabling consistent reference across tools and organizations.
Common Vulnerability Scoring System (CVSS)
CVSS is an open standard for rating the severity of security vulnerabilities, producing a numerical score from 0 to 10 based on their characteristics and potential impact.
RiskScore
RiskScore is Vibgrate’s 0–100 measure of security and business exposure — the probability and consequence of harm right now — where 0 is safest and 100 is maximum risk.
Exploit Prediction Scoring System (EPSS)
EPSS is a daily-updated probability estimate from FIRST, scoring each CVE from 0 to 1 on how likely it is to be exploited in the wild within the next 30 days.
Known Exploited Vulnerabilities (KEV) Catalog
The KEV catalog is CISA’s authoritative list of vulnerabilities with reliable evidence of active exploitation in the wild — confirmed fact, not prediction.
Likely Exploited Vulnerabilities (LEV)
LEV is a proposed NIST metric (CSWP 41) that estimates, from a CVE’s EPSS history, the cumulative probability the vulnerability has ever been exploited — a conservative lower bound.
Open Source Vulnerabilities (OSV)
OSV is a distributed vulnerability database and schema for open-source software, aggregating ecosystem advisory feeds with precise, package-native version matching.
GitHub Security Advisories (GHSA)
GHSA is GitHub’s curated database of security advisories for open-source packages, with maintainer-reviewed affected-version ranges and fix versions.
National Vulnerability Database (NVD)
The NVD is NIST’s database that enriches CVE records with CVSS severity scores, product identifiers, and reference data.
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC is a decision-tree methodology from CMU SEI and CISA that prioritizes vulnerabilities by contextual facts — exploitation status, automatability, and mission impact — rather than a single severity number.
Reachability Analysis
Reachability analysis determines whether the vulnerable code inside a dependency is actually invoked by your application, separating exploitable findings from theoretical ones.