Security Center displays severity scores for detected vulnerabilities to help you assess whether a vulnerability has a higher priority. This topic describes how to prioritize vulnerabilities.
Prioritizing vulnerabilities is essential to protect your Alibaba Cloud assets. If you have a large number of assets, you may not be able to assess which vulnerabilities need to be fixed first when a large number of vulnerabilities are detected. To solve this problem, Security Center has a scoring criterion to help you prioritize vulnerabilities.
Severity score = CVSS score x Time score x Environment score x Asset importance score
|CVSS Score||The Common Vulnerability Scoring System (CVSS) score of the vulnerability. Valid values: 0 to 10.||CVSS is used to assess the severity of vulnerabilities.|
|Time Score||To complement the CVSS score, a dynamic time curve is formed by comprehending factors such as the time delay in the deployment of vulnerability mitigation and the popularization of vulnerability exploit methods. Valid values: 0 to 1.||During the first three days when a vulnerability is publicized, due to increased exposure, the possibility that the vulnerability is exploited increases greatly. During this time, the value of this parameter increases from 0 to reach a temporary peak value, which is less than 1. After that, the value decreases greatly. Vulnerabilities become easier to exploit over time. The value of this parameter will increase and approach 1 within 100 days.|
|Environment Score||The environment of your servers. To calculate the environment score, Security Center comprehends factors such as the conditions of exploiting the vulnerability and the status of your server. The environment score is vital to prioritizing a vulnerability.||
Factors that determine the environment score include:
|Asset Importance Score||If you have a large number of servers, the system calculates asset importance scores for different servers or assets based on their importance in different scenarios. The asset importance score is one of the factors that determine the final severity score and helps you prioritize vulnerabilities.||The default value is 1.|
Vulnerability fix priorities
- Critical: The severity score is between 13.5 and 15, which typically represents a high-risk vulnerability.
- Important: The severity score is between 7.1 and 13.5, which typically represents a medium-risk vulnerability.
- Moderate: The severity score is below 7, which typically represents a low-risk vulnerability.
- When the environment score cannot be calculated due to reasons such as unstable network connections, the fix suggestion is displayed as Moderate.
- Emergency and Web-CMS vulnerabilities are high-risk vulnerabilities confirmed by Alibaba Cloud security engineers. We recommend that you fix these two types of vulnerabilities first.