Pick a metric that has not already been selected by another student, and describ
ID: 2246847 • Letter: P
Question
Pick a metric that has not already been selected by another student, and describe the factor in your own words. Also, describe the possible values and their meanings. In other words, suggest how the default, N/A and other values contribute to the overall CWE score.
This is tricky as you need to work through some score calculation examples to really understand the impact. You should work through those examples to support your conclusions.
The metric I choose is:
Likelihood of Exploit (EX) the likelihood that, if the weakness is discovered, an attacker with the required privileges/authentication/access would be able to successfully exploit it.Explanation / Answer
Answer:
Likelihood of Exploit (EX):
Please find the below table with detailed explanation and examples.
This factor is being intentionally ignored in the score calculation because it is not relevant to how the scorer prioritizes weakness.
Example: The scorer might want to assume that attackers could exploit any weakness they can find or be willing to invest significant resources to work around any possible barriers to exploit success
Please let me know if any queries or any modification if you needed. I can be provided thank you.
Value Code Weight Description