UK National Cyber Security Centre,A method to assess ‘forgivable’ vs ‘unforgivable’ vulnerabilities

A method to assess ‘forgivable’ vs ‘unforgivable’ vulnerabilities

Date: 2025-01-28 11:09

Source: UK National Cyber Security Centre

Summary: The UK National Cyber Security Centre (NCSC) has published a new article on a method to assess ‘forgivable’ vs ‘unforgivable’ vulnerabilities. The article provides guidance on how to assess the severity of vulnerabilities and how to prioritize remediation efforts.

Key Points:

• Forgivable vulnerabilities are vulnerabilities that are difficult to exploit or that can be easily mitigated.
• Unforgivable vulnerabilities are vulnerabilities that are easy to exploit and that can have a significant impact on an organization.
• The NCSC’s method for assessing forgivable vs unforgivable vulnerabilities is based on the following factors:
  • Exploitability: The ease with which a vulnerability can be exploited.
  • Impact: The potential impact of a vulnerability on an organization.
  • Mitigatability: The ease with which a vulnerability can be mitigated.
• The NCSC recommends that organizations use this method to prioritize remediation efforts and to focus on addressing the most critical vulnerabilities first.

Related Information:

• NCSC article on ‘forgivable’ vs ‘unforgivable’ vulnerabilities
• NCSC guidance on vulnerability management
• Common Vulnerability Scoring System (CVSS)

About the NCSC:

The NCSC is the national authority for cyber security in the UK. It provides guidance and support to organizations on how to protect themselves from cyber attacks.

The AI has provided us with the news.

I’ve asked Google Gemini the following question, and here’s its response.

UK National Cyber Security Centre a new article on 2025-01-28 11:09 titled “A method to assess ‘forgivable’ vs ‘unforgivable’ vulnerabilities”. Please write a detailed article on this news item, including any relevant information. Answers should be in English.

71