Data Theorem's CVSS scoring system leverages the Results API and generates a score for each issue, based on the type of issue, its severity, exploitability, etc. Below are the details on how the scoring works:
- Severity
  - Security P1
  - High
  - Medium
  - Low
- Exploitability
  - Hard
  - Moderate
  - Easy
- Issue Type
  - Data At-Rest Exposure
  - Data In-Transit Exposure
  - Data Loss to Attackers
  - Data Exposure to Third Party Apps
  - Unauthorized Data Collection
Script
To generate the CVSS score for all the issues displayed in your account within the Data Theorem portal, use the Data Theorem Python client:
...
python results_api_cli.py --api-key <results_api_key>
The script will write all the issues to a CSV file, with a CVSS score generated for each issue.
CVSS scores for each issue are directly available from the Results API when fetching the security findings.
The following fields can be used and are referenced within the API documentation:
- cvss_score
- cvss_vector
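One way to consume these two fields for triage, as an added example that is not Data Theorem's code: it reads the CVSS version from the vector prefix and picks the matching qualitative band for the score. Only `cvss_score` and `cvss_vector` come from the documentation above; the `id` key, the sample records and the helper names are constructed assumptions.

```python
"""Triage findings by cvss_score / cvss_vector (added example)."""

# Qualitative bands: v3.x/v4.0 per the FIRST specifications, v2 per NVD.
V3_BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")]
V2_BANDS = [(7.0, "High"), (4.0, "Medium"), (0.0, "Low")]


def cvss_version(vector):
    """Return '3.1', '4.0', ... from a 'CVSS:x.y/' prefix, or '2' for bare v2 vectors."""
    if vector.startswith("CVSS:"):
        return vector.split("/", 1)[0].split(":", 1)[1]
    if vector.startswith("AV:"):
        return "2"  # v2 vectors carry no version prefix
    raise ValueError(f"unrecognised CVSS vector: {vector!r}")


def band(score, vector):
    """Map a score to its qualitative band for the vector's CVSS version."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"score out of range: {score}")
    bands = V2_BANDS if cvss_version(vector) == "2" else V3_BANDS
    for floor, name in bands:
        if score >= floor:
            return name
    return "None"  # only reachable for a v3.x/v4.0 score of 0.0


def triage(findings, min_score=7.0):
    """Return (id, score, band) for findings at or above min_score, highest first."""
    rows = []
    for f in findings:
        score = float(f["cvss_score"])  # assumption: numeric or numeric string
        if score >= min_score:
            rows.append((f["id"], score, band(score, f["cvss_vector"])))
    return sorted(rows, key=lambda r: r[1], reverse=True)


# Constructed sample records; "id" is a hypothetical key, not an API field name.
SAMPLE = [
    {"id": "finding-2", "cvss_score": 7.5, "cvss_vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"},
    {"id": "finding-3", "cvss_score": 3.7,
     "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},
    {"id": "finding-1", "cvss_score": 9.1,
     "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row)
```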