Same vulnerability but varying DSS depending on exposure and sensitivity

Note that this time, we see that this vulnerability has the sensitive data assets symbol enabled and it has a critical DSS score. Note in the screenshot below, Davis has marked the vulnerability with symbols to indicate that it has access to sensitive data and that there is known malicious code that exploits this vulnerability. Within no time, I see Dynatrace detected and rated the vulnerability as critical:

In the same Linux machine, I installed a Java application that used the infamous Log4j library for logging. In the next section, I will show you what each of the scenarios looks like and how you could use DSS for precise risk assessment. Although the CVSS score for the vulnerability is 9.8, DSS doesn’t assume the worst-case scenario and does a true assessment. The table below shows how DSS provides an accurate assessment of the Log4j vulnerability based on the environment of the affected system.

Why does the same vulnerability have different DSS scores?

By reducing the score of vulnerabilities that are, in fact, not critical for your environment, you gain time to focus on the real issues and fix them faster. With Davis AI, you can find out if the affected entity is reachable from the Internet and if there is any data stored in reach of an affected entity.

DSS makes you more efficient: By including additional parameters in its analysis, Davis can more precisely calculate the security score and predict the potential risk of a vulnerability to your environment. Instead, Davis adapts the characteristics of the vulnerability to your particular environment, taking into consideration its structure and topology, and advises you as to which elements are prone to errors and how to handle security issues.
Because Davis AI also considers parameters like public internet exposure and checks to see if and where sensitive data is affected, DSS is the most precise risk-assessment score available.

DSS is more accurate: Davis doesn’t assume the worst-case scenario.