Which of the following industry-recognized risk-scoring models assigns a numeric score (0-10) by combining exploitability metrics with impact metrics, enabling an organization to rank vulnerabilities and address the highest-risk issues first?
The Common Vulnerability Scoring System (CVSS) is designed to provide a quantitative severity score based on Exploitability metrics (attack vector, attack complexity, privileges required, user interaction) and Impact metrics (confidentiality, integrity, availability). The resulting 0-10 score lets security teams compare findings and prioritize remediation.
STRIDE, MITRE ATT&CK, and the OWASP Top 10 are valuable for threat modeling or awareness but do not output a numeric severity value; therefore, they cannot directly rank vulnerabilities by calculated risk.