cvss
Safeguard articles tagged "cvss" — guides, analysis, and best practices for software supply chain and application security.
47 articles
How the Snyk Priority Score algorithm blends CVSS, exploi...
How Snyk's Priority Score blends CVSS severity, exploit maturity, and reachability analysis into a single 1-1000 vulnerability ranking score.
How the Snyk Risk Score's 0-1000 scale is derived from CV...
How Snyk's 0-1000 Risk Score starts from the CVSS impact subscore formula, then layers in exploit maturity, social trends, and reachability data.
How Snyk's exploit maturity rating is researched and assi...
A look at how Snyk researches and assigns exploit maturity ratings — the categories, the manual research process, and how the label shapes vulnerability prioritization.
How Risk Scoring Models Differ Across AppSec Platforms
CVSS, EPSS, SSVC, and vendor priority scores all measure vulnerability risk differently. Here's how they diverge, with real numbers, and how reachability analysis cuts through the noise.
Vulnerability Prioritization in 2025: EPSS, VEX, and the End of CVSS-Only Triage
CVSS scores alone cannot tell you what to patch first. EPSS exploit prediction and VEX documents are reshaping how mature security teams prioritize vulnerabilities at scale.
Exploit Chaining: A Supply Chain Perspective
How attackers chain low and medium severity flaws across dependencies to reach critical impact, and why supply chain context changes triage priorities.
CVE Vulnerability Lookup and Scoring, Explained
A CVE vulnerability record is an identifier, not a severity rating on its own — here's how CVE IDs, CVSS scores, and the actual lookup process fit together.
CVE Vulnerabilities Explained: How the CVE System Works
What a CVE vulnerability actually is, who assigns the IDs, how CVSS scoring and the KEV catalog fit in, and why a CVE number is a label, not a verdict.
The National Vulnerability Database: How to Actually Use It
The National Vulnerability Database is the US government's CVE repository — here's how to search it, read its CVSS scores, and use it in a real workflow.
Understanding EPSS: Exploit Prediction Scoring System Explained
EPSS offers a data-driven approach to vulnerability prioritization. Learn how it works, how it compares to CVSS, and why your team should care.
Vulnerability Prioritization: Beyond CVSS Scores
CVSS scores alone lead to alert fatigue and misallocated resources. Here's how EPSS, reachability analysis, and exploit intelligence create a smarter prioritization model.