Rescore vulnerabilities in bulk or individually
You can rescore vulnerabilities globally for a product version or individually using Helm.
Why rescore vulnerabilities?
Rescoring vulnerabilities allows you to align CVSS 3.x scores with the specific needs of your product's environment and usage, ensuring your vulnerability management process is both efficient and effective, and that you stay focused on resolving the vulnerabilities that matter most to your company, patient safety and your bottom line.
Key reasons to rescore:
Unlike upgrading to a new version or applying a patch, rescoring does not require you to upload a new version of your SBOM.
Focus on most exploitable issues: Identify and address the most exploitable and impactful vulnerabilities based on their fixability, report confidence, and the impact they will have on your overall infrastructure.
Save time and minimize effort:
Automate exploitability and fixability updates, reducing manual tracking and human error. If there is any change to the metrics of Exploit Code Maturity, Remediation Level, and/or Report Confidence, your vulnerabilities will be automatically rescored based on this updated data.
Streamline your processes with scalable and repeatable custom rescores.
Maximize ROI:
Rescoring reduces repetitive manual assessment by weeks or even months, freeing engineers to focus on clinical innovation and reducing attrition.
Enables strategic risk mitigation, avoiding delays and improving product timelines.
Regulatory alignment: Meet FDA cybersecurity requirements by demonstrating proactive risk management tailored to your product's environment and usage. Ensure that you understand the impact of the recent regulatory changes included in the Patch Act, as well as the likelihood that the FDA will flag your submissions for connected devices due to cybersecurity deficits.
Increased accuracy: Tailored scoring ensures more precise prioritization and decision-making, avoiding the one-size-fits-all limitations of base CVSS scores and accounting for the ever-evolving understanding of the flaws in the CVSS scoring system.
Rescore all vulnerabilities in a product version
You can rescore all CVSS 3.x vulnerabilities across a product version.
Rescore individual vulnerability
You can individually rescore any vulnerability. If you've already custom rescored a particular product version, this individual rescore will override the custom rescore for that vulnerability. The last change made to a vulnerability — whether by a custom rescore global change or by an individual vulnerability rescore — will take precedence.
In the product/version selection bar of Vulnerabilities, you'll see a Rescore drop-down action link.
Expand the Temporal score section, then modify the appropriate metric values.
Expand the Environmental score section, then modify the appropriate metric values. You'll see the rescored value display in both the Temporal and Environmental sections, as well as in the summary information below these sections.
Assess how this rescoring will impact the CVSS score of this vulnerability. If you're satisfied with this rescoring, click Save & apply.