Risk Assessment Settings

Use the Risk Assessment settings to customize risk calculations and display risks in other dashboards. The weight and formula information listed below is also available from the Risk Assessment Settings dialog under Risk Assessment Info.

  • Exposure Level Weight

    • Low = 0

    • Medium = 33

    • High = 66

    • Critical = 100

  • Exploit Exists Weight

    • False = 0 (exploit does not exist)

    • True = 100 (exploit exists)

  • Product Criticality Rating Weight

Use the default setting or set custom criticality by product. See [Custom Risk Settings].

The Risk Assessment Score calculation uses the following formula:

((ExposureLevelValue * ExposureLevelWeight) + (ExploitExistsValue * ExploitExistsWeight) + (CriticalityValue * CriticalityWeight)) / (ExposureLevelWeight + ExploitExistsWeight + CriticalityWeight)

Risk Score Settings

The Risk Assessment Score calculation uses a weighted average of three aspects of software security listed below. Each uses an assigned weight between 0 and 100. The default value for each weight is 50.
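The following added example (not product code) applies the formula above to a constructed inventory to show how changing a weight or a product's criticality reorders the results. It assumes the per-level numbers listed earlier are the values fed into the formula and that criticality is on a 0 to 100 scale; the function names and sample products are hypothetical.

```python
# Value mappings and the default weight of 50 come from this page; the 0-100
# criticality scale, function names and sample products are assumptions.
EXPOSURE_VALUE = {"Low": 0, "Medium": 33, "High": 66, "Critical": 100}
EXPLOIT_VALUE = {False: 0, True: 100}
DEFAULT_WEIGHT = 50


def risk_score(exposure, exploit_exists, criticality,
               w_exposure=DEFAULT_WEIGHT, w_exploit=DEFAULT_WEIGHT,
               w_criticality=DEFAULT_WEIGHT):
    """Weighted average of the three aspects, following the page's formula."""
    weights = (w_exposure, w_exploit, w_criticality)
    if any(not 0 <= w <= 100 for w in weights):
        raise ValueError("each weight must be between 0 and 100")
    if not 0 <= criticality <= 100:  # assumed scale
        raise ValueError("criticality must be between 0 and 100")
    total = sum(weights)
    if total == 0:
        # The formula divides by the sum of the weights, so all-zero
        # weights leave the score undefined.
        raise ValueError("at least one weight must be non-zero")
    values = (EXPOSURE_VALUE[exposure], EXPLOIT_VALUE[bool(exploit_exists)],
              criticality)
    return sum(v * w for v, w in zip(values, weights)) / total


def rank(products, custom_criticality=None, **weights):
    """Return (name, score) pairs, highest risk first.

    custom_criticality maps a product name to a criticality that overrides
    the product's default value (hypothetical structure).
    """
    custom_criticality = custom_criticality or {}
    scored = []
    for name, exposure, exploit, default_crit in products:
        crit = custom_criticality.get(name, default_crit)
        score = risk_score(exposure, exploit, crit, **weights)
        scored.append((name, round(score, 1)))
    return sorted(scored, key=lambda p: p[1], reverse=True)


# Constructed sample: (name, exposure level, exploit exists, default criticality)
SAMPLE = [
    ("browser", "High", True, 50),
    ("pdf-reader", "Critical", False, 50),
    ("db-server", "Medium", False, 50),
]

if __name__ == "__main__":
    print(rank(SAMPLE))                                        # default weights
    print(rank(SAMPLE, w_exploit=0))                           # ignore exploits
    print(rank(SAMPLE, custom_criticality={"db-server": 100}))
```

Setting a weight to 0 removes that aspect from the score entirely, which is why the second call ranks the product with no known exploit first.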

Custom Risk Settings

Use these settings to override the default Product Criticality settings defined in the metadata, or to create Custom Risk Scores.

Create Custom Product Criticalities

  1. Select +Create Custom Product Criticality in the Custom Risk Settings workspace. This opens the Create Custom Product Criticality dialog.

  2. Select Browse to search for the product you want to customize.

  3. Select the product to modify, and then select Add Software Product.

    • This adds a table to Custom Product Criticalities.

    • Each time you add another product, the added information appears in this table.

  4. Enter the number that corresponds to the criticality weight you want to set for this product, and then select Create Custom Product Criticality.

Create Custom Risk Scores

  1. Select +Create Custom Risk Score in the Custom Risk Settings dialog. This opens the Create Custom Risk Score dialog.

  2. Select Browse to open the Add Installable Software dialog.

    1. Enter a product name in the search line, and then select Search. This example uses Google Chrome.

    2. Select the product from the list, and then select OK.

  3. Enter the number that corresponds to the risk score you want to set for this product, and then select Create Custom Risk Score.

    • This adds a table to Custom Risk Scores.

    • Each time you add another product, the added information appears in this table.

  4. Select Save Settings.
