What is a Risk Score? (CVSS, DREAD)
CVSS
The Common Vulnerability Scoring System (CVSS) measures the severity of a vulnerability in information security with a single number from 0 to 10, where 0 is the lowest severity and 10 the highest.
Infosec teams use CVSS scores to compare vulnerabilities and decide which ones to remediate first.
DREAD
These factors are considered when calculating the DREAD Risk Scores:
- Damage potential — How much are the assets affected?
- Reproducibility — How easily can the attack be reproduced?
- Exploitability — How easily can the attack be launched?
- Affected users — What’s the number of affected users?
- Discoverability — How easily can the vulnerability be found?
By answering the questions above and assigning a rating value to each factor, the threat is rated high, medium or low. The rating values are expressed as numbers (3 = high, 2 = medium, 1 = low).
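The following is an added example, not code from the page's author: it scores a threat with the five DREAD factors using the page's 1/2/3 rating values, sums them to a total, and then ranks a handful of constructed findings by that total, using the CVSS score (0 to 10) as a tie-breaker. The finding names, their scores, and the thresholds used to map a total to high/medium/low are assumptions made for this illustration; the page itself states no thresholds.

```python
from dataclasses import dataclass

# DREAD rating values as the page defines them: 3 = high, 2 = medium, 1 = low.
RATING_VALUES = {"high": 3, "medium": 2, "low": 1}

# The five DREAD factors, in the order the page lists them.
FACTORS = ("damage", "reproducibility", "exploitability",
           "affected_users", "discoverability")


@dataclass(frozen=True)
class DreadRating:
    damage: int            # how much are the assets affected?
    reproducibility: int   # how easily can the attack be reproduced?
    exploitability: int    # how easily can the attack be launched?
    affected_users: int    # how many users are affected?
    discoverability: int   # how easily can the vulnerability be found?

    def __post_init__(self) -> None:
        # Every factor must carry one of the page's three rating values.
        for name in FACTORS:
            value = getattr(self, name)
            if value not in RATING_VALUES.values():
                raise ValueError(f"{name} must be 1, 2 or 3, got {value!r}")

    @classmethod
    def from_words(cls, **words: str) -> "DreadRating":
        """Build a rating from 'high'/'medium'/'low' answers per factor."""
        return cls(**{name: RATING_VALUES[words[name].lower()] for name in FACTORS})

    def total(self) -> int:
        """Sum of the five factors; with 1..3 per factor this lies in 5..15."""
        return sum(getattr(self, name) for name in FACTORS)


def dread_level(total: int) -> str:
    """Map a DREAD total (5..15) to high/medium/low.

    The cut-offs 12 and 8 are an assumption for this example; the page
    gives no thresholds, so adjust them to your own risk appetite.
    """
    if not 5 <= total <= 15:
        raise ValueError(f"DREAD total out of range: {total}")
    if total >= 12:
        return "high"
    if total >= 8:
        return "medium"
    return "low"


@dataclass(frozen=True)
class Finding:
    name: str
    cvss: float          # CVSS base score, 0.0 .. 10.0
    dread: DreadRating

    def __post_init__(self) -> None:
        if not 0.0 <= self.cvss <= 10.0:
            raise ValueError(f"CVSS score must be within 0..10, got {self.cvss}")


def prioritize(findings: list[Finding]) -> list[Finding]:
    """Order findings for remediation: highest DREAD total first,
    CVSS score breaking ties, exactly as a triage queue would be built."""
    return sorted(findings, key=lambda f: (f.dread.total(), f.cvss), reverse=True)


# Constructed sample findings (hypothetical names and scores, not real data).
SAMPLE_FINDINGS = [
    Finding("Outdated JS library, no known exploit path", 3.7,
            DreadRating(1, 1, 1, 1, 2)),
    Finding("Race condition in password reset", 7.5,
            DreadRating(3, 1, 1, 2, 1)),
    Finding("SQL injection in login form", 9.8,
            DreadRating.from_words(damage="high", reproducibility="high",
                                   exploitability="high", affected_users="high",
                                   discoverability="medium")),
    Finding("Verbose error page leaks stack trace", 5.3,
            DreadRating(1, 3, 2, 2, 3)),
]


def triage_report(findings: list[Finding]) -> list[tuple[str, int, str, float]]:
    """Return (name, DREAD total, level, CVSS) rows in remediation order."""
    return [(f.name, f.dread.total(), dread_level(f.dread.total()), f.cvss)
            for f in prioritize(findings)]


if __name__ == "__main__":
    for name, total, level, cvss in triage_report(SAMPLE_FINDINGS):
        print(f"{total:2d} {level:<6} CVSS {cvss:4.1f}  {name}")
```

Run as a script it prints the triage order; `from_words` lets a team record the answers to the five questions as words and still get the numeric rating the page describes.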