Threat Score Calculation - Examples
Some examples to explain how we would arrive at a Threat Score.
Example 1
A SAID has two CVEs; two come back as exploited.
Triggered Rules
The following rules are triggered:
| • | CVE1 Triggers |
| • | Historically Linked to Remote Access Trojan |
| • | Recent remote code execution POC verified |
| • | CVE2 Triggers |
| • | Historically Linked to Exploit Kit |
The Threat Score would be 51.
Calculating the Score
The criticality range is set by the most critical rule triggered, which is critical. This sets the score's maximum and minimum range as between 45 and 70.
|
Item |
Value |
|
Base Score |
+45 |
|
Recent remote code execution POC verified |
+4 |
|
Linked to Recent Cyber Exploit |
+1 |
|
Historically Linked to Remote Access Trojan |
+1 |
|
Threat Score (Sum of above values) |
51 |
Example 2
A SAID has seven CVEs; and all come back as exploited.
Triggered Rules
The following rule is triggered by all CVEs:
| • | CVE1, CVE2, CVE3, CVE4, CVE5, CVE6 and CVE7 triggers |
| • | Recently Linked to Malware |
The Threat Score would be 23.
Calculating the Score
The criticality range is set by the most critical rule triggered, which is medium. This sets the score's maximum and minimum range as between 13 and 23.
|
Item |
Value |
|
Base Score |
+13 |
|
Recently Linked to Malware |
+2 * 7 CVE = +14 |
|
Threat Score (Sum of above values) |
27 Note:At this point, we have exceeded the maximum for a critical threat, which is 23, so the score is 23. |
Example 3
A SAID has one CVE and it comes back as exploited.
Triggered Rules
The following rule is triggered:
| • | CVE1 triggers |
| • | Historically exploited in the wild |
The Threat Score would be 27.
Calculating the Score
The criticality range is set by the most critical rule triggered, which is high. This sets the score's maximum and minimum range as between 24 and 44.
|
Item |
Value |
|
Base Score |
+24 |
|
Historically exploited in the wild |
+3 |
|
Threat Score (Sum of above values) |
27 |
Example 4
A SAID has many CVEs, none come back as exploited.
The score would be 0 because there are no rules triggered.
Advisory with Multiple Vulnerabilities
An advisory Threat Score is based upon each of the CVEs included in an Advisory as specified above. In Software Vulnerability Research, the vulnerabilities that have exploits are indicated with a red circle for easier identification.