• Common Vulnerability Scoring
System (CVSS) interpretation
- Attack vectors
- Attack complexity
- Privileges required
- User interaction
- Scope
- Impact
o Confidentiality
o Integrity
o Availability
• Validation - True/false positives
- True/false negatives
• Context awareness - Internal
- External
- Isolated
• Exploitability/weaponization
• Asset value
• Zero-day