Date of publication: 2017-08-25 06:38
For a set of weakness findings for an individual software package, it is expected that all findings would have the same Not Applicable value for the factor that is being ignored.
The stakeholder community is collaborating with MITRE to investigate several different scoring methods that might need to be supported within the CWSS framework.
When performing targeted scoring against specific weakness findings in an application, Prevalence is normally expected to be irrelevant, since the individual application and the analytical techniques determine how frequently the weakness occurs, and many aggregated scoring methods will generate larger scores if there are more weaknesses.
Likelihood of Exploit is the likelihood that, if the weakness is discovered, an attacker with the required privileges/authentication/access would be able to successfully exploit it.
An attacker is unlikely to discover the weakness without highly specialized skills, access to source code (or its equivalent), and a large time investment.
The control does not specifically protect against exploitation of the weakness, but it indirectly reduces the impact when a successful attack is launched, or otherwise makes it more difficult to construct a functional exploit.
The weight for this value is for all factors, which generally produces a lower score; the addition of new information (e.g., changing some factors from Unknown to another value) will then adjust the score upward or downward based on the new information.
One aspect of CVSS that is not explicitly modeled in CWSS is the notion of partial impacts. However, the acquired privileges, privilege layer, technical impact, and business impact are roughly equivalent, with more expressive power.