Advanced Vulnerability Rating: A Detailed Explanation of Risk

Risk is an overall assessment that incorporates the probability of a vulnerability being exploited (reflected in the Likelihood measurement) and the amount of damage that could be done if the vulnerability is in fact exploited (reflected in the Impact measurement).

These two factors are evaluated to yield a risk level for the vulnerability. This table shows the risk mapping for all possible combinations of Impact and Likelihood:

[Image: risk level determination table]

The next sections will examine how we determine Impact and Likelihood.