The calculated score, which is between 0 and 10, reflects the severity of the vulnerability. The higher the score, the more critical it is (low, medium, high or critical level). It is evaluated according to 3 metric groups:
– a baseline score, which assesses a problem (theoretical impact of the vulnerability)
– a temporal score, representing the characteristics of a vulnerability that can evolve according to exploits present in nature, patches…
– an environmental score, which takes into account the environment and the consequences of exploiting this vulnerability. It will evolve according to existing patches, mitigating measures, etc.