Which of the following industry-recognized risk-scoring models assigns a numeric score (0-10) by combining exploitability metrics with impact metrics, enabling an organization to rank vulnerabilities and address the highest-risk issues first?
The Common Vulnerability Scoring System (CVSS) is designed to provide a quantitative severity score based on Exploitability (attack vector, complexity, privileges required, user interaction) and Impact (confidentiality, integrity, availability). The resulting 0-10 score lets security teams compare and prioritize findings.
STRIDE, MITRE ATT&CK, and the OWASP Top 10 are valuable for threat modeling or awareness but do not output a numeric severity value; therefore, they cannot directly rank vulnerabilities by calculated risk.