Comment on page
Create, apply, or change rescore profile for product version
As you know, the base CVSS score isn't tailored to your particular product's environment and usage. To ensure that you're spending your limited time resolving the vulnerabilities that matter most to your company, patient safety and your bottom line, you can create and apply rescore profiles to your various product versions.
If you've already created rescore profiles, you can then apply these profiles to a product version from either the SBOM or Vulnerabilities pages. After setting the Temporal and Environmental metrics that apply to particular product version, you can preview a sample of vulnerabilities to see how this will impact their scores, as well as how many vulnerabilities will be rescored. You can then apply it all vulnerabilities associated with this version, as well as to any other applicable product versions.
Will modifying a rescore profile's settings in one version automatically change what's already been applied to other versions?
To avoid inadvertently making substantial changes that you may not want, applying an existing profile to a product version will actually create a copy of this profile. Because each product version will have its own copy of the original rescore profile, making changes will not affect any other product versions. This also means that you can go back at any time to modify a copy.
- 1.In the product/version selection bar, click the Rescore drop-down link > Create rescore profile to apply. This will display the Modify rescore profile panel.
- 2.Specify a profile name and description.
- 3.Click the Temporal score section to expand it. If you've used the CVSS 3.1 calculator before, our rescoring calculator should look very familiar!
- 4.Select any Temporal metric values you'd like to apply across the product version.
- 5.Click the Environmental score section to expand it.
- 6.Select any Environmental metric value changes you'd like to apply across the product version.
- 7.Click the Preview vulnerabilities tab to view a sample of five vulnerabilities to assess how the rescoring will impact them.
- 8.On the Save & apply button, you'll see the number of vulnerabilities associated with this product version (Save & apply to x vulnerabilities). Click Save & apply x vulnerabilities. You'll see a success message and will also see a new Rescore column with the rescored CVSS value for each vulnerability.
- 1.In the product/version selection bar, click the Rescore drop-down link > Choose rescore profile to apply. This will display the Modify rescore profile panel.
- 2.Specify a profile name and description.
- 3.Click the Temporal score section to expand it. If you've used the CVSS 3.1 calculator before, our rescoring calculator should look very familiar!
- 4.Select any Temporal metric values you'd like to apply across the product version.
- 5.Click the Environmental score section to expand it.
- 6.Select any Environmental metric value changes you'd like to apply across the product version.
- 7.Click the Preview vulnerabilities tab to view a sample of five vulnerabilities to assess how the rescoring will impact them.
- 8.On the Save & apply button, you'll see the number of vulnerabilities associated with this product version (Save & apply to x vulnerabilities). Click Save & apply x vulnerabilities. You'll see a success message and will also see an updated score in the Rescore column for each vulnerability.