No one can deny that we are suffering from an overflow of vulnerabilities that is overwhelming and intensifying every year.
The Common Vulnerability Scoring System (CVSS) was all we had to work with so far. This “one size fits all” severity ranking for vulnerabilities may help prioritize remediation action. However, without the context of the vulnerability location, exploitability and compensating controls, we are left with a crippled score leading to substantial remediation cycles of wasted items that don’t need fixing, and we’re missing out on those who really do.
The good news is that attack-based scoring is here to lead us on a new path – The Pentera Score.