Half of 10.0 CVSS vulnerabilities reported so far in 2022 scored incorrectly.
Notes:
- NVD failed to report 27.3% of CVE (11,860 vulns).
- 52% of all 10.0 CVSS (v2) vulns reported in 2022 are scored incorrectly.
- CVSS v3.1 is better refined for IoT vulns.
- Large gap between what the CVSS model identifies as critical and the vulnerabilities that require immediate attention.
- EPSS aims to address the CVSS model's issue of inaccuracy, and save time in patch management.
- EPSS model can increase the efficiency of patch management from 5% to 42.5%.
Links:
- https://flashpoint.io/resources/report/state-of-vulnerability-intelligence-2022-midyear/