Evaluate your company's exposure to highly exploitable CVEs and how you compare to global averages.
To better assist you in determining and responding to your company's vulnerabilities,
Trend Micro designed certain metrics to complement each other for
greater clarity.
The Highly Exploitable Vulnerability Percentages and Highly Exploitable CVE Density
widgets work together to help you tailor your response to vulnerabilities. Click on
the entry for the CVE density or percentage of a particular type of asset to view
a list of affected assets.
Metric
|
Description
|
Example
|
||
Highly Exploitable CVE Density
|
Calculated from the total number of detected highly-exploitable CVEs divided by the
total number of managed assets with Vulnerability Assessment enabled (Total highly
exploitable CVEs / Total managed assets with Vulnerability Assessment)
Highly Exploitable Vulnerability Percentage calculations occur daily. Weekly and monthly
averages use a simple average calculation based off the daily values.
|
Total asset count: 3
Highly-exploitable CVE density (Total highly-exploitable CVEs / Total assets with
Vulnerability Assessment):
(2+4+0) / 3 = 2.0
|
||
Highly Exploitable Vulnerability Percentages
|
Calculated from the total number of a specific asset type with detected highly exploitable
CVEs divided by the total number of the specific type of asset with Vulnerability
Assessment enabled (Total assets with vulnerabilities / Total assets with Vulnerability
Assessment * 100).
Managed assets with available highly exploitable vulnerability percentage calculations
include:
Highly Exploitable Vulnerability Percentage calculations occur daily. Weekly and monthly
averages use a simple average calculation based off the daily values.
|
Highly Exploitable Vulnerability Percentage (Total assets with vulnerabilities / Total
assets with Vulnerability Assessment * 100):
5 / 25 * 100 = 20%
|
![]() |
Important
|
Example Scenario
Company A
|
Company B
|
|
|
Even though the CVE Density values for both companies are the same (10.2), the risk
profiles are very different.
Examining both metrics can help a company determine the best method to reduce CVE
vulnerabilities.
|