Categorizing Vulnerabilities

Vulnerabilities fall into categories defined by the Common Weakness Enumeration (CWE), which are useful for grouping threats and remediation efforts. In addition, each vulnerability definition has a Common Vulnerability Scoring System (CVSS) score. The CVSS score of a specific vulnerability instance (VI) can be adjusted based on local conditions, entity criticality, and other environmental factors.

In addition to tracking possible vulnerabilities and identified vulnerability instances, RiskVision tracks remediation efforts using Tickets. Because many entities can be affected by a single VI, tickets are created for each entity group. You can mark one or more entities in the group as 'fixed' (mitigated), and when all entities have been mitigated and the ticket has been closed, the VI itself is marked as mitigated. For information about how to link tickets for reported vulnerabilities, see Linking Tickets to Vulnerabilities.