Open pombredanne opened 4 months ago
A reachable vulnerability has a path from your code to the root cause of a vulnerability.
Gauge risk by identifying whether a function related to the vulnerability is being called by your application, raising the chances of that vulnerability being exploitable in the context of your application.
A "reachability ranking" appears to be relevant to product or other first-party code ("your code") and applies to that usage context.
Create models and design an API to integrate an external tool's reachability analysis results to inform vulnerability ranking.
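A sketch of the reachability check described in this issue, added here as an example and not taken from the project's code: it searches a call graph for a path from first-party entry points to the function at the root cause of each advisory, then ranks reachable advisories first. The call graph, function names, advisory ids, scores and the "reachable first, then severity" ordering are all constructed assumptions.

```python
from collections import deque

# Constructed call graph (caller -> callees), as an external tool might report it.
CALL_GRAPH = {
    "app.views.upload": ["app.utils.parse_archive", "libimg.resize"],
    "app.utils.parse_archive": ["libarchive.extract"],
    "libarchive.extract": ["libarchive._resolve_path"],
    "libimg.resize": ["libimg._scale"],
    "libimg.decode_legacy": ["libimg._read_header"],
}
FIRST_PARTY = ["app.views.upload"]  # hypothetical "your code" entry points

# Constructed advisories: id -> (severity score, function at the root cause).
ADVISORIES = {
    "VULN-EXAMPLE-1": (7.5, "libarchive._resolve_path"),
    "VULN-EXAMPLE-2": (9.8, "libimg._read_header"),
}


def find_path(graph, sources, target):
    """Breadth-first search; return the shortest call path to target, or None."""
    queue = deque([s] for s in sources)
    seen = set(sources)
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for callee in graph.get(path[-1], []):
            if callee not in seen:
                seen.add(callee)
                queue.append(path + [callee])
    return None


def rank(graph, sources, advisories):
    """Order advisories: reachable ones first, then by severity, highest first."""
    rows = []
    for vuln_id, (score, symbol) in advisories.items():
        path = find_path(graph, sources, symbol)
        rows.append({"id": vuln_id, "score": score,
                     "reachable": path is not None, "path": path})
    return sorted(rows, key=lambda r: (not r["reachable"], -r["score"]))


if __name__ == "__main__":
    for row in rank(CALL_GRAPH, FIRST_PARTY, ADVISORIES):
        state = "reachable" if row["reachable"] else "no path found"
        print(row["id"], row["score"], state, row["path"])
```

A statically derived call graph can miss dynamic dispatch and reflection, so "no path found" lowers an advisory's rank here rather than dropping it from the list.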