
Prioritizing Vulnerabilities

Not all vulnerabilities pose the same level of risk to your project. Effective prioritization is crucial to ensure that resources are focused on the most critical issues. DevGuard helps you focus on what truly matters by providing risk assessments based on CVSS scores, exploit availability (ExploitDB), and real-world threat data (EPSS). This approach replaces the generic --exit-code 1 --severity CRITICAL gate (as trivy provides it) with a more practical --exit-code 1 --risk CRITICAL strategy, ensuring that you address the vulnerabilities that could have the most significant impact on your software.
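The following is an added illustration of the difference between a severity gate and a risk gate; it is not DevGuard's code, and the risk formula (CVSS scaled by EPSS likelihood, with a floor when a public exploit exists) is an assumption made for this example, as are the placeholder CVE ids and scores.

```python
import sys
from dataclasses import dataclass

@dataclass
class Finding:
    cve: str                 # placeholder id, not a real CVE
    cvss: float              # CVSS base score, 0.0-10.0
    epss: float              # EPSS probability of exploitation, 0.0-1.0
    exploit_available: bool  # a public exploit is catalogued (e.g. in ExploitDB)

LEVELS = ["LOW", "MEDIUM", "HIGH", "CRITICAL"]

def cvss_severity(f: Finding) -> str:
    """Qualitative CVSS rating: the only input a plain --severity gate looks at."""
    return ("CRITICAL" if f.cvss >= 9.0 else "HIGH" if f.cvss >= 7.0
            else "MEDIUM" if f.cvss >= 4.0 else "LOW")

def risk_score(f: Finding) -> float:
    """Assumed risk model (not DevGuard's formula): CVSS impact scaled by
    likelihood from EPSS, with a higher floor when a public exploit exists."""
    likelihood = max(f.epss, 0.05)          # nothing is treated as unexploitable
    if f.exploit_available:
        likelihood = max(likelihood, 0.5)   # known exploit: assume at least 50%
    return f.cvss * likelihood

def risk_level(f: Finding) -> str:
    s = risk_score(f)
    return ("CRITICAL" if s >= 5.0 else "HIGH" if s >= 2.5
            else "MEDIUM" if s >= 1.0 else "LOW")

def gate(findings, mode: str, threshold: str) -> list:
    """Return the ids that would fail the build under the chosen gate.
    mode='severity' mimics --severity <T>, mode='risk' mimics --risk <T>."""
    rate = cvss_severity if mode == "severity" else risk_level
    floor = LEVELS.index(threshold)
    return [f.cve for f in findings if LEVELS.index(rate(f)) >= floor]

# Constructed sample findings (placeholder ids and values).
FINDINGS = [
    Finding("CVE-EXAMPLE-1", 9.8, 0.01, False),   # critical CVSS, rarely exploited
    Finding("CVE-EXAMPLE-2", 7.5, 0.92, True),    # high CVSS, actively exploited
    Finding("CVE-EXAMPLE-3", 5.3, 0.002, False),  # medium CVSS, negligible EPSS
]

if __name__ == "__main__":
    for f in FINDINGS:
        print(f"{f.cve}: severity={cvss_severity(f)} risk={risk_level(f)}")
    print("--severity CRITICAL fails on:", gate(FINDINGS, "severity", "CRITICAL"))
    print("--risk CRITICAL fails on:    ", gate(FINDINGS, "risk", "CRITICAL"))
    sys.exit(1 if gate(FINDINGS, "risk", "CRITICAL") else 0)
```

With these inputs the severity gate breaks the build on the CVSS 9.8 finding that is almost never exploited, while the risk gate breaks it on the CVSS 7.5 finding with a public exploit and high EPSS.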

To further illustrate the importance of prioritizing vulnerabilities, consider our Sankey diagram, which demonstrates how many high CVSS vulnerabilities are reassessed and reprioritized. The diagram shows that a significant portion of these vulnerabilities are mapped to EPSS scores in the 0-10% range, indicating a lower likelihood of exploitation. This visual representation underscores the necessity of a nuanced approach to vulnerability management, where not all “critical” CVEs are treated equally, but rather prioritized based on their actual risk.

Sankey diagram showing the reassessment and reprioritization of high CVSS vulnerabilities based on EPSS scores. The diagram illustrates that many high CVSS vulnerabilities are mapped to EPSS scores in the 0-10% range, indicating a lower likelihood of exploitation.