Rescore vulnerabilities in bulk or individually

You can rescore vulnerabilities at multiple levels according to your product's security posture, ensuring you're focusing on the most exploitable vulnerabilities:

  • Bulk rescore selected vulnerabilities across your entire product portfolio (multiple products and versions)

  • Bulk rescore all vulnerabilities within a single product version

  • Bulk rescore vulnerabilities across selected components within a product version

  • Toggle on auto-update to automatically rescore vulnerabilities that have exploitability and fixability changes across any of these rescoring levels

Why rescore vulnerabilities?

Rescoring lets you align CVSS 3.x scores with your product's environment and usage. This keeps your vulnerability management process efficient and effective, and keeps you focused on resolving the vulnerabilities that matter most to your company, patient safety, and your bottom line.

Unlike upgrading to a new version or applying a patch, rescoring does not require you to upload a new version of your SBOM.

Key reasons to rescore:

  • Focus on most exploitable issues: Identify and address the most exploitable and impactful vulnerabilities based on their fixability, report confidence, and the impact they will have on your overall infrastructure.

  • Save time and minimize effort:

    • Automate exploitability and fixability updates, reducing manual tracking and human error. If there is any change to the metrics of Exploit Code Maturity, Remediation Level, and/or Report Confidence, your vulnerabilities will be automatically rescored based on this updated data.

    • Streamline your processes with scalable and repeatable custom rescores.

  • Maximize ROI:

    • Rescoring reduces repetitive manual assessment by weeks or even months, freeing engineers to focus on clinical innovation and reducing attrition.

    • Enables strategic risk mitigation, avoiding delays and improving product timelines.

  • Regulatory alignment: Meet FDA cybersecurity requirements by demonstrating proactive risk management tailored to your product's environment and usage. Ensure that you understand the impact of the recent regulatory changes included in the PATCH Act, as well as the likelihood that the FDA will flag your submissions for connected devices due to cybersecurity deficits.

  • Increased accuracy: Tailored scoring ensures more precise prioritization and decision-making, avoiding the one-size-fits-all limitations of base CVSS scores, and the ever-evolving understanding of the flaws in the CVSS scoring system.

Bulk rescore vulnerabilities across product portfolio

You can now select multiple vulnerabilities across different products and versions, then bulk rescore them with consistent Temporal and Environmental scoring parameters.

  1. From the Vulnerabilities view, select the vulnerabilities you want to rescore across your product portfolio. You can select vulnerabilities from different products and versions.

  2. Click Rescore X vulns (where X represents the number of selected vulnerabilities).

  3. In the Rescore panel, specify a profile name and description for this bulk rescoring operation.

  4. Click the Temporal score section to expand it, then select the appropriate metric values you'd like to apply to all selected vulnerabilities.

  5. Click the Environmental score section to expand it, then select any Environmental metric value changes you'd like to apply to all selected vulnerabilities.

  6. Click the Preview vulnerabilities tab to view a sample of vulnerabilities to assess how the rescoring will impact them.

  7. Optional: Toggle the Auto-update all vulnerabilities switch. If enabled, all selected vulnerabilities will be automatically rescored whenever there are Temporal updates.

  8. Click Save & apply to apply the rescoring to all selected vulnerabilities. You'll see a success message and updated scores in the Rescore column for each affected vulnerability.

Bulk rescore all vulnerabilities in a product version

You can rescore all CVSS 3.x vulnerabilities across a product version.

  1. In the product/version selection bar, click the Rescore drop-down link > Rescore all vulnerabilities. This will display the Rescore panel.

  2. Specify a profile name and description.

  3. Click the Temporal score section to expand it.

  4. Select any Temporal metric values you'd like to apply across the product version.

  5. Click the Environmental score section to expand it.

  6. Select any Environmental metric value changes you'd like to apply across the product version.

  7. Click the Preview vulnerabilities tab to view a sample of five vulnerabilities to assess how the rescoring will impact them.

  8. Optional: In the Temporal section, toggle the Auto-update this vulnerability with exploitability changes switch. If you enable auto-update, the Temporal score metrics will become read-only, as they will be automatically updated based on exploitability changes. You can still individually rescore any vulnerability associated with this product, if desired. The last change made to a vulnerability — whether by a custom rescore global change or by an individual vulnerability rescore — will take precedence.

  9. On the Save & apply button, you'll see the number of vulnerabilities associated with this product version (Save & apply to x vulnerabilities). Click Save & apply x vulnerabilities. You'll see a success message and will also see a new Rescore column with the rescored CVSS value for each vulnerability.

Bulk rescore vulnerabilities across selected components

You can select multiple components within a product version and rescore all vulnerabilities associated with those components.

  1. From a specific product version's Vulnerabilities view, select the components whose vulnerabilities you want to rescore.

  2. Click Rescore all vulnerabilities for the selected components.

  3. In the rescore panel, specify a profile name and description for this component-based rescoring operation.

  4. Click the Temporal score section to expand it, then select the appropriate metric values you'd like to apply to all vulnerabilities in the selected components.

  5. Click the Environmental score section to expand it, then select any Environmental metric value changes you'd like to apply to all vulnerabilities in the selected components.

  6. Click the Preview vulnerabilities tab to view a sample of vulnerabilities to assess how the rescoring will impact them.

  7. Optional: Toggle the Auto-update all vulnerabilities switch. If enabled, all vulnerabilities in the selected components will be automatically rescored whenever there are Temporal updates.

  8. Click Save & apply to apply the rescoring to all vulnerabilities in the selected components. You'll see a success message and updated scores in the Rescore column for each affected vulnerability.

Rescore individual vulnerability

You can individually rescore any vulnerability. If you've already custom rescored a particular product version, this individual rescore will override the custom rescore for that vulnerability. The last change made to a vulnerability — whether by a custom rescore global change or by an individual vulnerability rescore — will take precedence.

  1. In the product/version selection bar of Vulnerabilities, you'll see a Rescore action link.

  2. Expand the Temporal score section, then modify the appropriate metric values.

  3. Expand the Environmental score section, then modify the appropriate metric values. You'll see the rescored value display in both the Temporal and Environmental sections, as well as in the summary information below these sections.

  4. Assess how this rescoring will impact the CVSS score of this vulnerability. If you're satisfied with this rescoring, click Save & apply.
