Contextual remediations prioritization system designed to implement theoretical principles of CVSS V4

Abstract

Technological advancements have led to an unprecedented expansion in the number and complexity of device interconnections. This brisk pace of adoption, while indicative of progress, often results in improper or in-complete configurations, thereby escalating the susceptibility of cyber infrastructures to vulnerabilities. In 2023 alone, approximately 30.000 vulnerabilities were identified, culminating in over 8 billion data breach records. Vulnerabilities prioritization is a problematic subject, consequently, VRM solutions should change their approach. This paper introduces a novel vulnerability prioritization method that proposes to cover new CVSS v4 version challenges. This approach leverages dynamic scoring and contextual information of vulnerabilities, aiming to provide a more nuanced and effective prioritization strategy.