Due to budget constraints, an organization created a policy that only permits vulnerabilities rated high and critical according to CVSS to be fixed or mitigated. A security analyst notices that many vulnerabilities that were previously scored as medium are now breaching higher thresholds. Upon further investigation, the analyst notices certain ratings are not aligned with the approved system categorization.
Which of the following can the analyst do to get a better picture of the risk while adhering to the organization’s policy?
BiteSize
Highly Voted 1Â year, 8Â months agoewbafoow
Highly Voted 1Â year, 10Â months agodeeden
Most Recent 3Â months, 2Â weeks agoBright07
3Â months, 4Â weeks ago