Risk assessment

In the following, you'll learn about the factors considered when assessing a vulnerability:

Public internet exposure

Public internet exposure is one of the risk assessment factors taken into consideration when determining the Davis Security Score.

If there is public internet exposure, it means that vulnerabilities affect at least one process that is exposed to the internet.

Possible states

  • Public network: There is public internet exposure.
  • Not detected: No public internet exposure was found.
  • Not available: Data isn't available, because the related hosts aren't running in Full-Stack Monitoring mode. For details, see Monitoring modes.

Use case

Filter vulnerabilities by Risk assessment > Public internet exposure.

Reachable data assets

Reachable data assets are one of the risk assessment factors taken into consideration when determining the Davis Security Score. If any reachable data assets are affected, it means that vulnerabilities affect at least one process that has database access (runs a database service).

Possible states

  • Within range: There are reachable data assets affected.
  • None within range: There are no reachable data assets within range.
  • Not available: Data isn't available, because the related hosts aren't running in Full-Stack Monitoring mode. For details, see Monitoring modes.

Vulnerable functions

Third-party vulnerabilities

Vulnerable functions are one of the risk assessment factors to consider when evaluating a vulnerability (yet they are not considered for the DSS calculation).

If there are any vulnerable functions in use, there is at least one process using a vulnerable function (this might indicate a higher exploitation risk).

Key concepts

Class

The class that contains the vulnerable function related to the vulnerability.

  • Example: org.apache.http.client.utils.URIUtils

Function usage

Shows whether the vulnerable function is being used by your application. Based on whether your application uses the vulnerable function, you can assess the impact on your environment. The usage of a vulnerable function is calculated on the process level and is aggregated to the process group level, which results in a count of affected process groups per function.

  • Examples: In use, Not in use, Not available

Public exploit

Third-party vulnerabilities

One of the risk factors to be considered when assessing a vulnerability. If there is any public exploit published, it means that malicious code to exploit this vulnerability is available on the internet.

Possible states

  • Public exploit published: A publicly known exploit for this vulnerability is available.
  • No public exploit published: No publicly known exploit for this vulnerability is available.

Use case

Filter vulnerabilities by Risk assessment > Public exploit published.

Reduced accuracy

Reduced accuracy means detailed analysis is not possible for various reasons, for example when there are vulnerabilities with related hosts running in Infrastructure Monitoring mode or OneAgent Discovery mode.

How this affects the DSS calculation: The context of internet exposure or reachable data assets cannot be examined due to the lack of information, thus the DSS score can't be lowered. For more information, see Monitoring modes.

When Full-Stack Monitoring isn't enabled, an alert is displayed on the details page of a vulnerability.

Use case

Filter for Risk assessment > Reduced accuracy to find out which vulnerabilities have reduced accuracy.
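The following is an added worked example, not Dynatrace code, that models the factors described on this page over a constructed inventory: it derives the state of each factor from per-process data and the host's monitoring mode, marks reduced accuracy when a related host is not in Full-Stack Monitoring mode, applies the rule that missing context can never lower the score, and implements the "Risk assessment > ..." filters from the use cases. The state names follow the page; the precedence between states, the reduction amounts and the sample identifiers are assumptions of this example and do not reflect the real DSS formula.

```python
"""Toy model of the risk assessment factors on this page (constructed example).
State names follow the page; precedence rules, reduction amounts and sample
data are assumptions of this example, not Dynatrace's DSS calculation."""
from dataclasses import dataclass
from typing import List

# Monitoring modes named on the page
FULL_STACK = "Full-Stack Monitoring"
INFRASTRUCTURE = "Infrastructure Monitoring"
DISCOVERY = "OneAgent Discovery"


@dataclass
class Process:
    name: str
    host_mode: str                   # one of the three modes above
    internet_exposed: bool = False   # only trustworthy in Full-Stack mode
    database_access: bool = False    # only trustworthy in Full-Stack mode
    uses_vulnerable_function: bool = False


@dataclass
class Vulnerability:
    vuln_id: str                     # constructed identifier, not a real CVE
    base_score: float                # severity before environment context (0-10)
    processes: List[Process]
    public_exploit_published: bool = False


def has_reduced_accuracy(v: Vulnerability) -> bool:
    """Reduced accuracy: at least one related host is not in Full-Stack mode."""
    return any(p.host_mode != FULL_STACK for p in v.processes)


def _context_state(v, attr, positive, negative, unavailable) -> str:
    # Precedence is an assumption of this example: positive evidence from a
    # fully monitored process wins; otherwise missing data beats "not found".
    if any(getattr(p, attr) for p in v.processes if p.host_mode == FULL_STACK):
        return positive
    if has_reduced_accuracy(v):
        return unavailable
    return negative


def public_internet_exposure(v):
    return _context_state(v, "internet_exposed", "Public network", "Not detected", "Not available")


def reachable_data_assets(v):
    return _context_state(v, "database_access", "Within range", "None within range", "Not available")


def vulnerable_function_usage(v):
    return _context_state(v, "uses_vulnerable_function", "In use", "Not in use", "Not available")


def public_exploit(v):
    return "Public exploit published" if v.public_exploit_published else "No public exploit published"


# Illustrative reductions (assumed values): the page only states that context
# may lower the score when exposure or data access is ruled out.
EXPOSURE_REDUCTION = 1.0
DATA_ASSET_REDUCTION = 1.0


def adjusted_score(v: Vulnerability) -> float:
    score = v.base_score
    if public_internet_exposure(v) == "Not detected":
        score -= EXPOSURE_REDUCTION
    if reachable_data_assets(v) == "None within range":
        score -= DATA_ASSET_REDUCTION
    # "Not available" never lowers the score: missing context is not evidence of safety.
    # Vulnerable function usage is left out of the score, as the page states.
    return max(score, 0.0)


def filter_vulnerabilities(vulns, **criteria):
    """Filter like 'Risk assessment > <factor>' in the UI.
    Criteria keys: exposure, data_assets, exploit, reduced_accuracy."""
    checks = {
        "exposure": public_internet_exposure,
        "data_assets": reachable_data_assets,
        "exploit": public_exploit,
        "reduced_accuracy": has_reduced_accuracy,
    }
    return [v.vuln_id for v in vulns
            if all(checks[k](v) == want for k, want in criteria.items())]


# Constructed sample inventory
SAMPLE = [
    Vulnerability("VULN-A", 9.8, [Process("web-frontend", FULL_STACK, internet_exposed=True,
                                          uses_vulnerable_function=True)], public_exploit_published=True),
    Vulnerability("VULN-B", 9.8, [Process("batch-job", FULL_STACK)]),
    Vulnerability("VULN-C", 7.5, [Process("legacy-app", INFRASTRUCTURE)]),
    Vulnerability("VULN-D", 7.5, [Process("api", FULL_STACK, database_access=True),
                                  Process("agent-host", DISCOVERY)]),
]

if __name__ == "__main__":
    for v in SAMPLE:
        print(v.vuln_id, public_internet_exposure(v), reachable_data_assets(v),
              vulnerable_function_usage(v), public_exploit(v),
              "reduced accuracy" if has_reduced_accuracy(v) else "full accuracy",
              adjusted_score(v))
    print("Public exploit published:", filter_vulnerabilities(SAMPLE, exploit="Public exploit published"))
    print("Reduced accuracy:", filter_vulnerabilities(SAMPLE, reduced_accuracy=True))
```

Note how VULN-B and VULN-C differ: both lack exposure and data access evidence, but only VULN-B (fully monitored) is lowered, while VULN-C keeps its base score because its host runs in Infrastructure Monitoring mode and the context simply cannot be examined.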