Vulnerability tree: Difference between revisions

From Cramsession
Jump to navigationJump to search
✍️ Verified Author: MflavellClick to view professional profile & credentials
No edit summary
No edit summary
Line 14: Line 14:
=Implications=
=Implications=


Exploits at layer 1, result from  
* Exploits at layer 1, result from  
vulnerabilities in layer 2
 
that are implemented in the product or solution at layer 3
* vulnerabilities in layer 2
  The action at layer 4 updates the product, fixing the module and resolving the exploit
 
* that are implemented in the product or solution at layer 3
   
* the action at layer 4 updates the product, fixing the module and resolving the exploit

Revision as of 21:38, 8 November 2024

This tree is used to link vulnerabilities to remediation actions.


Tree Design

 1  [CVE]  [CVE] [CVE] [CVE]
     \      /     \    /
 2   [Module]     [Module]
          \      / 
 3        [Product]
             |
 4        [Action]

Implications

  • Exploits at layer 1, result from
  • vulnerabilities in layer 2
  • that are implemented in the product or solution at layer 3
  • the action at layer 4 updates the product, fixing the module and resolving the exploit
Retrieved from "https://cramsession.net/index.php?title=Vulnerability_tree&oldid=655"