DefectDojo / django-DefectDojo

DevSecOps, ASPM, Vulnerability Management. All on one platform.
https://defectdojo.com
BSD 3-Clause "New" or "Revised" License

Vulnerability Priority Score #8015

Closed ghost closed 10 months ago

ghost commented 1 year ago

Some scanners have the ability to calculate a "Vulnerability Priority Score" - this score is typically a combination of the criticality of the vulnerability and the current threats. For example, Nessus/Tenable has a "Vulnerability Priority Rating" (VPR) that goes from 0.0 to 10.0, with 10 being the most critical. It could be very valuable to implement this in "Findings" and the individual "Parsers". There is probably a need to standardize this value, for example

mtesauro commented 1 year ago

I'd look at #8072 as the Nessus parser is getting an update.

manuel-sommer commented 10 months ago

We standardize this in general in the parsers. Please close this @mtesauro