7 Glossary

This section defines relevant terminology which is consistently used across the entire system.

7.1 Asset

Assets are hosts that are detected on the network during a vulnerability scan with a Greenbone Enterprise Appliance.

During the import of data from the Greenbone Enterprise Appliance into OPENVAS REPORT, the assets are created in OPENVAS REPORT.

7.2 CVE

Common Vulnerabilities and Exposures (CVE) is a dictionary of publicly known information security vulnerabilities and exposures. Every vulnerability is assigned a unique identifier, consisting of the release year and a simple number, and serves as a central reference.

7.3 CVSS

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the severity of security risks in computer systems. Security risks are rated and compared using different criteria. This allows for the creation of a priority list of countermeasures.

7.4 Vulnerability Test (VT)

A vulnerability test (VT) is a routine that checks a target system for the presence of a specific known or potential security problem. VTs include information about development date, affected systems, impact of vulnerabilities and remediation.

7.5 Quality of Detection (QoD)

The Quality of Detection (QoD) is a value between 0 and 100 describing the reliability of the executed vulnerability detection or product detection.

For more information see Chapter 6.4.4.

7.6 Severity

The severity is a qualitative measure of a vulnerability’s severity according to the Common Vulnerability Scoring System (CVSS). This includes a severity score, which is a number from 0.0 to 10.0, with 10.0 being the most severe, and a severity class based on the score (Critical, High, Medium and Low).

7.7 Solution Type

The solution type shows possible solutions for the remediation of the vulnerability (workaround, mitigation, vendor fix), or whether a vulnerability cannot or will not be fixed.