
Severity measure #5965

Closed Answered by anterosilva1985
natanaelgonzales asked this question in Q&A

Hi,

Currently KICS is classifying the vulnerabilities as High, Medium, Low and Information.

The severity of KICS queries is based on several factors that result from a combination of industry standards (for example, CVSS and CIS Benchmarks), together with the level of exposure for the vulnerability, which is identified by the expertise of our AppSec research team.

Several pillars are considered, by developers and researchers, when defining the severity, such as Discoverability, Damage, Reproducibility, Exploitability, Precision, among others.

The context of the source code is always considered, and it has a huge impact on the severity classification: in some use-cases the CVSS score can …
