Why should I rescore vulnerabilities?
You can create rescore profiles to rescore the CVSS 3.x score for all vulnerabilities across a product version. You can also rescore individual vulnerabilities. As you assess and set these metrics, you'll see the rescored value and CVSS vector string updating accordingly.
Unlike upgrading to a new version or applying a patch, rescoring does not require you to upload a new version of your SBOM.
By rescoring, you can concentrate first on the dependency components impacted by the most exploitable vulnerabilities, ensuring that you've assessed the fixability of a vulnerability, your overall level of confidence in the information reported for a particular vulnerability, and the importance of the affected dependency component based on its placement in your infrastructure.
By rescoring based on your particular device's environment and usage, you can often reduce the severity of a particular vulnerability or of all vulnerabilities that impact a particular product version. You can save and apply a profile, giving you the benefit of a scalable, repeatable vulnerability scoring method to help you analyze and mitigate risk more quickly, ensuring patient safety and paving your way to FDA cybersecurity approval for your product submissions.
More automated rescoring removes bias from your risk assessment methodology while increasing efficiency. It frees your engineers up to concentrate on your company's future, rather than spending weeks and months manually rescoring vulnerabilities, a task which also contributes to attrition.
You can also identify and implement strategic changes to your risk mitigation strategies to maximize ROI and reduce unexpected delays, helping to improve business outcomes, timelines, and product security design scope.
Ensure that you understand the impact of the recent regulatory changes included in the PATCH Act, as well as the likelihood that the FDA will flag your submissions for connected devices due to cybersecurity deficits.