Security advisory essentials

  • Advisory structure: vulnerability type + CVE ID + CVSS score + affected component + impact + mitigation
  • CVSS: 0–10 severity score (9–10 = Critical) based on exploitability + confidentiality, integrity and availability (CIA) impact + attack complexity
  • Description: attack vector + exploitation requirements + full impact scope
  • Mitigation: fixed version + upgrade command + interim workaround + config changes
  • Responsible disclosure: private notification → 90-day fix window → public disclosure after patch

What is the primary purpose of a security advisory document?