Confidence score calculation example
Example of calculating the confidence for a zero-day vulnerability based on its Common Vulnerabilities and Exposures (CVE) information.
Following is an example of calculating the confidence score from the Common Platform Enumeration (CPE) information of CVE-2019-5786.
Following is a sample exposure assessment record:
Note: To view the CPEs, you can group the Vulnerability column by vulnerability. For details on viewing the vulnerable software details, see View vulnerable software details.
Following is a sample discovery model:
How to calculate the confidence score
The confidence score range is 0–1. Based on the CPE information, the confidence score is calculated using the following formula:
((base score) + (publisher score) + (product score) + (version score) + (edition score) + (display name score)) / 100 =
((25) + (10) + (10)) / 100 = 45 / 100 = .45
Note: To refer to the values used to calculate the confidence score, see Confidence score reference tables for exposure assessment.
Calculating confidence score when the software model is matched with the normalized discovery model
If you are using the normalized discovery model, the additional information available for the software discovery model provides an enhanced confidence score. Following is the sample calculation:
Following is a sample normalized exposure assessment record.
Following is a sample normalized discovery model.
((base score) + (publisher score) + (product score) + (version score) + (edition score) + (display name score)) / 100 =
((25) + (20) + (15) + (15) + (0) + (10)) / 100 = 85 / 100 = .85
Note: To refer to the values used to calculate the confidence score, see Confidence score reference tables for exposure assessment.