Likely Exploited Vulnerabilities: NIST Publishes Cybersecurity White Paper 41

NIST Cybersecurity White Paper (CSWP) 41, "Likely Exploited Vulnerabilities: A Proposed Metric for Vulnerability Exploitation Probability", helps organizations identify actively exploited vulnerabilities and measure prioritization after patching.

Organizations need a clear metric for predicting and quickly responding to both software and hardware vulnerabilities. Prioritizing those vulnerabilities that are most susceptible to active exploitation is a core element of managing the Nation’s cybersecurity risks.

NIST Cybersecurity White Paper (CSWP) 41, Likely Exploited Vulnerabilities: A Proposed Metric for Vulnerability Exploitation Probability, helps organizations identify actively exploited vulnerabilities and measure prioritization after patching. This work proposes a metric based on community-provided probabilities to estimate the expected exploitation of product vulnerabilities. It describes that calculation and how the results can be used to improve security and prioritization efforts. The likelihood calculations presented in this paper also help identify opportunities for improvement in popular systems that are used to describe vulnerability exploitation activity. This work will improve such systems and the remediation actions they require to reduce national cybersecurity risks.

Released May 19, 2025