Risk-Prioritization

CVE (Common Vulnerabilities and Exposures) is the global identifier standard for publicly disclosed software and hardware vulnerabilities. This SECMONS glossary entry explains CVE structure, who assigns CVEs, how CVEs relate to CVSS and CWE, and how teams use CVEs for patching, risk, and incident response.

CVSS (Common Vulnerability Scoring System) is the industry-standard framework used to score the severity of cybersecurity vulnerabilities. This SECMONS glossary entry explains CVSS v3.1 structure, base metrics, vectors, scoring ranges, and how defenders should interpret CVSS in real-world risk decisions.

“Exploited in the wild” indicates that a vulnerability is actively being used in real-world attacks outside controlled research environments. This SECMONS glossary entry explains what qualifies as in-the-wild exploitation, how vendors confirm it, and how defenders should respond operationally.

Vulnerability Management is the continuous process of discovering, assessing, prioritizing, and remediating security weaknesses across systems and applications. This SECMONS glossary entry explains how vulnerability management works, how it differs from patch management, and how organizations reduce real-world risk.

A zero-day vulnerability is a software flaw that is exploited before a patch is available or before the vendor is aware of it. This SECMONS glossary entry explains what qualifies as a zero-day, how it differs from n-day vulnerabilities, how zero-days are weaponized, and how defenders should respond.