Environmental aware vulnerability scoring

When assessing the CVSS value of a vulnerability, the Environmental Metrics are often ignored. There are several reasons for this. However, this score is essential for the prioritization of vulnerabilities. The author proposes an approach that should generate the environmental score systematically and highly automated. For this purpose, various information about the systems and the network is needed, which should be managed in a model. An algorithm uses the linked information to automatically determine the Environmental Metrics. Experts without a security background should thus be able to determine this score in the same way as experts. The results should also be repeatable and independent of the evaluator.