AnsweredAssumed Answered

Qualys Risk Scoring

Question asked by horizon on Jan 3, 2019
Latest reply on Jan 3, 2019 by derekv

Looking at risk ratings and attempting to have a standard for how we address them. When Qualys analysts disagree with a CVSS rating, is it always to give the vulnerability a higher score? Or are there occasions where a vulnerability has a high CVSS score but Qualys gives it a 2 or something like that? 


I want to make a recommendation but I also want to have a handle on how scores may differ between vendor / Qualys / CVSS scoring.