
In a company, 5 components are found to have vulnerabilities in its system. The first one has a low CVSS (3,0) and is ver

Posted: Thu May 26, 2022 9:43 am
by answerhappygod
In a company, 5 components are found to have vulnerabilities in its system.

The first one has a low CVSS (3,0) and is very much used in the system.
The second one has a low CVSS (6,0) and is very much used in the system.
The third one has a low CVSS (8,0) and is not so much used in the system.
The fourth one has a low CVSS (8,0) and is very much used in the system.
The last one has a low CVSS (9,0) and is not so much used in the system.

The question is what to do with the vulnerable components: whether they should be fixed at once, or to wait more, do nothing, or stop the development to fix the vulnerabilities.

Which types of further details could be asked of the team about the components and the vulnerabilities?

And also, how can CVSS metrics be used to answer this question?