You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/assets/YAML/default/TestAndVerification/StaticDepthForApplications.yaml
+2-1Lines changed: 2 additions & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -324,7 +324,8 @@ Test and Verification:
324
324
uuid: f2f0f274-c1a0-4501-92fe-7fc4452bc8ad
325
325
risk: |-
326
326
Without proper prioritization, organizations may waste time and effort on low-risk vulnerabilities while neglecting critical ones.
327
-
measure: Estimate the likelihood of exploitation by using data (CISA KEV) from the past or prediction models (EPSS).
327
+
measure: Estimate the likelihood of exploitation by using data (CISA KEV) from the past or prediction models (e.g. Exploit Prediction Scoring System, EPSS).
328
+
description: Severity-based vulnerability triage alone generates a lot false positives, requiring a more refined approach.
0 commit comments