Analyzing Vulnerabilities Flashcards
1
Q
False positive
A
-a vulnerability is identified that doesn’t exist
2
Q
False negative
A
A vulnerability exists, but not detected
3
Q
CVSS (common vulnerability scoring system)
A
is a standardized framework used to assess the severity of security vulnerabilities in software and hardware. It provides a way to quantify the characteristics and impact of vulnerabilities, allowing organizations to prioritize their responses based on risk
4
Q
CVE (common vulnerabilities and exposures)
A
is a standardized system for identifying and cataloging publicly known cybersecurity vulnerabilities. It serves as a reference method for publicly known information security vulnerabilities and exposures