POST: it is hard to rate the severity of vulnerabiliies

[pombredanne]

It is hard to rate the severity of vulnerabilities!

Let's look beyond the alphabet soup of CVSS, KEY, EPSS, SSVC.

• Can AI be a solution with VLAI? https://huggingface.co/CIRCL/vulnerability-severity-classification-roberta-base
• Or the new metric from NIST https://csrc.nist.gov/pubs/cswp/41/likely-exploited-vulnerabilities-a-proposed-metric/final ?
• Or the vulnerablecode risk score CRAVEX: Calculate Package Vulnerability Risk vulnerablecode#1543 (comment)

See also Tod Beardsley https://www.youtube.com/watch?v=348LcypOPI0

[pombredanne]

See also:
from @patrickmgarrity on Linkedin about @todb :