Davis Security Advisor calculations

Davis Security Advisor is displayed above the vulnerability list on the Third-party vulnerabilities page. It recommends the fixes that would most improve the overall security of your environment.


Each recommendation contains

  • The library that needs to be updated (for example, jackson-mapper-asl)
  • The technology logo of the library
  • The number of vulnerabilities of the highest severity level that updating the library fixes (for example, Solves 1 critical)
  • The total number of vulnerabilities that updating the library fixes (for example, 4 vulnerabilities total).

Basis for calculation

To calculate recommended fixes, Davis Security Advisor takes into consideration all third-party vulnerabilities that are currently open and not muted; resolved or muted vulnerabilities aren't taken into account. Fixes are tailored to your environment and ranked based on how much they improve the overall security of your environment.

Grouping

Davis Security Advisor groups vulnerabilities by the library that causes them, to simplify remediation. When calculating the advice, it ignores the specific version of the library, so several deployed versions of the same library appear as one recommendation. All shown libraries contain known vulnerabilities and should be updated to the latest version.

Advice ranking

Advice is ranked based on the severity of the third-party vulnerabilities. Advice regarding a critical vulnerability, for example, is ranked higher than advice for a high-severity vulnerability.

The severity of a vulnerability is calculated based on the Davis Security Score, so you can focus on fixing vulnerabilities that are relevant in your environment rather than on those with only a theoretical impact.
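The following script is an added example that models the three steps described above (basis for calculation, grouping, advice ranking) on a constructed vulnerability list. It is not Dynatrace code and does not call the Dynatrace API: the record fields, the four-level severity scale, the sample library names other than jackson-mapper-asl, and the tie-break between recommendations of equal severity are all assumptions made for illustration.

```python
"""Illustrative model of Davis Security Advisor style recommendations.

Added example, not Dynatrace's implementation. The data shape, severity
scale and tie-break rule are assumptions; only the three rules from the
text (open and not muted, group ignoring version, rank by severity) are
taken from the page.
"""
from collections import defaultdict
from dataclasses import dataclass

# Assumed severity scale, most severe first.
SEVERITY_ORDER = ("critical", "high", "medium", "low")
SEVERITY_RANK = {s: i for i, s in enumerate(SEVERITY_ORDER)}


@dataclass(frozen=True)
class Vulnerability:
    vuln_id: str
    library: str      # e.g. "jackson-mapper-asl"
    version: str      # ignored when grouping
    severity: str     # assumed to be derived from the Davis Security Score
    status: str       # "open" or "resolved"
    muted: bool = False


def relevant(vulns):
    """Basis for calculation: only open, not muted vulnerabilities count."""
    return [v for v in vulns if v.status == "open" and not v.muted]


def group_by_library(vulns):
    """Grouping: collapse every version of a library into one bucket."""
    groups = defaultdict(list)
    for v in vulns:
        groups[v.library].append(v)
    return groups


def recommendations(vulns):
    """Return ranked recommendation rows: library, top severity, counts."""
    rows = []
    for lib, vs in group_by_library(relevant(vulns)).items():
        top = min(vs, key=lambda v: SEVERITY_RANK[v.severity]).severity
        rows.append({
            "library": lib,
            "top_severity": top,
            "solves": sum(1 for v in vs if v.severity == top),
            "total": len(vs),
        })
    # Ranking: most severe first. The tie-break (more of the top severity,
    # then more vulnerabilities total, then name) is an assumption.
    rows.sort(key=lambda r: (SEVERITY_RANK[r["top_severity"]],
                             -r["solves"], -r["total"], r["library"]))
    return rows


def format_advice(row):
    """Render a row the way a recommendation card reads."""
    return (f"Update {row['library']}: Solves {row['solves']} "
            f"{row['top_severity']}, {row['total']} vulnerabilities total")


# Constructed sample data; library names other than jackson-mapper-asl
# are hypothetical and the versions carry no meaning.
SAMPLE = [
    Vulnerability("S-1", "jackson-mapper-asl", "1.9.13", "critical", "open"),
    Vulnerability("S-2", "jackson-mapper-asl", "1.9.13", "high", "open"),
    Vulnerability("S-3", "jackson-mapper-asl", "1.9.2", "high", "open"),
    Vulnerability("S-4", "jackson-mapper-asl", "1.9.2", "medium", "open"),
    Vulnerability("S-5", "example-http-client", "1.0.0", "critical", "open", muted=True),
    Vulnerability("S-6", "example-http-client", "1.0.0", "high", "open"),
    Vulnerability("S-7", "example-xml-parser", "2.0.0", "critical", "resolved"),
    Vulnerability("S-8", "example-xml-parser", "2.0.0", "medium", "open"),
    Vulnerability("S-9", "example-xml-parser", "2.1.0", "medium", "open"),
]

if __name__ == "__main__":
    for row in recommendations(SAMPLE):
        print(format_advice(row))
```

Note how the muted critical finding in example-http-client and the resolved critical finding in example-xml-parser drop out before grouping, so neither library is promoted above jackson-mapper-asl, and the two versions of jackson-mapper-asl collapse into the single "Solves 1 critical, 4 vulnerabilities total" recommendation quoted above.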

Filtering

To filter by recommended fixes, see Filter third-party vulnerabilities by recommended fixes with Davis Security Advisor.