Enrichment & Prioritisation
A list of CVEs sorted by severity is a starting point, not a strategy. The enrichment layer adds real-world exploitation data to every finding so your team can focus remediation effort where it matters most — on vulnerabilities that are actually being exploited, not just theoretically severe.
Enrichment sources
Raw vulnerability data is enriched with two additional data sources:
Exploit prediction scoring
Every CVE is assigned a probability score between 0 and 1 indicating how likely it is to be exploited in the wild within the next 30 days. This score is computed from a model maintained by FIRST.org that analyses historical exploitation patterns, vulnerability characteristics, and threat intelligence signals.
A vulnerability with a score of 0.95 is far more urgent than one with 0.02 — even if both share the same CVSS severity. The percentile ranking lets you compare any given CVE against the entire vulnerability landscape.
Active exploitation intelligence
Findings are cross-referenced against a catalogue of vulnerabilities known to be actively exploited by threat actors. This catalogue is maintained by a government cybersecurity agency and updated daily.
When a vulnerability in your dependencies appears in this catalogue, it is flagged prominently in the report. These findings represent the highest priority — they are not theoretical risks but confirmed active threats.
Prioritisation model
The combination of CVSS severity, exploitation probability, and active exploitation status creates a layered prioritisation model:
| Signal | What it tells you |
|---|---|
| CVSS score | How severe the vulnerability is in theory |
| Exploitation probability | How likely it is to be exploited in the next 30 days |
| Active exploitation | Whether it is currently being exploited in the wild |
A medium-severity vulnerability that is actively exploited and has a high exploitation probability should be treated with more urgency than a critical-severity vulnerability with no known exploitation activity. This layered approach prevents teams from chasing CVSS scores alone and directs attention to genuine, immediate threats.