Why should I rescore vulnerabilities?

You can create rescore profiles to rescore the CVSS 3.x score for all vulnerabilities across a product version. You can also rescore individual vulnerabilities. As you assess and set the CVSS metrics, you'll see the rescored value and CVSS vector string update accordingly.

Unlike upgrading to a new version or applying a patch, rescoring does not require you to upload a new version of your SBOM.

Why should I rescore?

Focus on the most critical and exploitable issues first

By rescoring, you can concentrate on the dependency components impacted by the most exploitable vulnerabilities first, ensuring that you've assessed the fixability of a vulnerability, your overall level of confidence in the information reported for a particular vulnerability, and the importance of the affected dependency component based on its placement in your infrastructure.

Scalable and repeatable scoring method

By rescoring based on your particular device's environment and usage, you can often reduce the severity of a particular vulnerability or of all vulnerabilities that impact a particular product version. You can save and apply a profile, giving you the benefit of a scalable, repeatable vulnerability scoring method to help you analyze and mitigate risk more quickly, ensuring patient safety and paving your way to FDA cybersecurity approval for your product submissions.

Save months of R&D cost

More automated rescoring removes bias from your risk assessment methodology while increasing efficiency. It frees up your engineers to concentrate on your company's future, rather than spending weeks and months manually rescoring vulnerabilities, a task which also contributes to attrition.

Maximize ROI and reduce timelines

You can also identify and implement strategic changes to your risk mitigation strategies to maximize ROI and reduce unexpected delays, helping to improve business outcomes, timelines, and product security design scope.

Ensure that you understand the impact of the recent regulatory changes included in the PATCH Act, as well as the likelihood that the FDA will flag your submissions for connected devices due to cybersecurity deficits.

Understand the CVSS vulnerability scoring system

Understand issue severity level

Rescore product versions and individual vulnerabilities

Rescore an individual vulnerability

Rescore all vulnerabilities for a product version


© Copyright MedCrypt 2023, All rights reserved.