One of the main dilemmas we face every day is which vulnerability to close first. It was from this that we at Fluid Attacks designed a metric to help us make better decisions. We are talking about the CVSSF.

With this new metric, we can understand that closing 10 vulnerabilities with a score equal to 1 is not the same as closing 1 vulnerability with a score equal to 10. At the same time, we can calculate the level of exposure of a system.

Thanks to this new graph based on the CVSSF, you will be able to know which vulnerabilities to attack and remediate first to reduce the level of exposure of your system.