
07:00 AM
Ericka Chickowski

The 20 Worst Metrics in Cybersecurity

Security leaders are increasingly making their case through metrics, as well they should - as long as they're not one of these.

CVSS-Based Risk Scoring

Says Michael Roytman, chief data scientist at Kenna Security: "Only a small percentage of all vulnerabilities are ever exploited, but CVSS scores don’t reflect this truth. CVSS scores do not consider how widespread a vulnerability is and the public availability of a known exploit. Essentially, CVSS does not take into consideration the threat or the probability that a vulnerability will be exploited as part of a hack, and yet many organizations rely on it as their sole compass for patching vulnerabilities.

"When security teams are evaluating which vulnerabilities need to be patched first, their prioritization needs to go beyond CVSS and consider the likelihood of these vulnerabilities being exploited."
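The gap described in the quote above can be seen on a small constructed inventory. The Python below is an added illustration, not code from the article or from Kenna Security; the finding IDs, host counts, exploitation probabilities and the threat-aware sort key are all assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    vuln_id: str          # constructed placeholder IDs, not real CVEs
    cvss: float           # CVSS base score, 0.0-10.0
    public_exploit: bool  # is a known exploit publicly available?
    affected_hosts: int   # how widespread the flaw is in this made-up estate
    exploit_prob: float   # assumed likelihood of exploitation, 0.0-1.0

# Constructed sample data: the highest CVSS scores sit on rare, unexploited flaws.
FINDINGS = [
    Finding("VULN-A", 9.8, False, 2, 0.01),
    Finding("VULN-B", 9.1, False, 1, 0.01),
    Finding("VULN-C", 7.5, True, 340, 0.62),
    Finding("VULN-D", 6.5, True, 120, 0.35),
    Finding("VULN-E", 8.8, False, 15, 0.03),
    Finding("VULN-F", 5.3, True, 800, 0.48),
]

def rank_by_cvss(findings):
    """Patch order when CVSS is the sole compass."""
    return sorted(findings, key=lambda f: f.cvss, reverse=True)

def rank_by_threat(findings):
    """Assumed threat-aware order: expected exposed hosts first
    (probability x prevalence), then exploit availability, with
    CVSS severity kept only as the final tie-breaker."""
    return sorted(
        findings,
        key=lambda f: (f.exploit_prob * f.affected_hosts, f.public_exploit, f.cvss),
        reverse=True,
    )

def coverage(ranked, budget):
    """Share of findings with a public exploit that fall inside the
    first `budget` patches of a ranked list."""
    exploited = [f for f in ranked if f.public_exploit]
    if not exploited:
        return 1.0  # nothing exploitable to miss
    patched = [f for f in ranked[:budget] if f.public_exploit]
    return len(patched) / len(exploited)

if __name__ == "__main__":
    for name, rank in (("CVSS only", rank_by_cvss), ("threat-aware", rank_by_threat)):
        order = rank(FINDINGS)
        print(f"{name:12} {[f.vuln_id for f in order]} "
              f"coverage@3={coverage(order, 3):.0%}")
```

With a patch budget of three, the CVSS-only order spends every slot on findings that have no public exploit, while the threat-aware order reaches all three that do.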

(Image: Sirichai via Adobe Stock)

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.