CVSS, DREAD, and MITRE ATT&CK calculators

Calculators

Dradis ships with three calculators by default: CVSS, DREAD, and MITRE ATT&CK. You can access any of them by clicking the corresponding tab in the Issue view.

Dradis calculator tabs user interface

CVSS score calculator

Dradis now supports CVSSv3, CVSSv3.1, and CVSSv4. Our Common Vulnerability Scoring System Calculator is heavily inspired by FIRST.

The Dradis CVSS score calculator is included as a tab when browsing individual Issues. Click on the tab to access the calculator and edit its values. You can select v3.0, v3.1, or v4.0 of the CVSS Calculator with the toggle in the top right.

Dradis CVSS calculator editor

Alternatively, from the projects page, you can navigate to Tools > Risk Calculators - CVSS in the header to access the instance-wide Dradis CVSS score calculator.

Then, copy/paste the output in the right-hand sidebar into the corresponding Issue in your Dradis project or IssueLibrary entry.

Dradis CVSS calculator instance-wide mode

CVSSv4

Select the correct values for:

  • Base: Attack Vector, Attack Complexity, Attack Requirements, Privileges Required, User Interaction, Vulnerable System Confidentiality, Vulnerable System Integrity, Vulnerable System Availability, Subsequent System Confidentiality, Subsequent System Integrity, Subsequent System Availability

  • Supplemental: Safety, Automatable, Recovery, Value Density, Vulnerability Response Effort, Provider Urgency

  • Environmental: Modified Attack Vector, Modified Attack Complexity, Modified Attack Requirements, Modified Privileges Required, Modified User Interaction, Modified Vulnerable System Confidentiality, Modified Vulnerable System Integrity, Modified Vulnerable System Availability, Modified Subsequent System Confidentiality, Modified Subsequent System Integrity, Modified Subsequent System Availability, Confidentiality Requirements, Integrity Requirements, Availability Requirements

  • Threat: Exploit Maturity

Then, click the "Update Issue" button to update the corresponding Issue in your Dradis project with the data from the calculator.

Note that the calculator uses the CVSSv4.BaseVector field to pre-populate the form. If you later edit your Issue manually and change some of the calculator values, other items such as CVSS score and Severity will not update accordingly. If you change the CVSSv4.BaseVector field, the changes should be reflected across all relevant fields.

CVSSv3 and CVSSv3.1

Select the correct values for:

  • Base: Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, Confidentiality, Integrity, Availability

  • Temporal: Exploit Code Maturity, Remediation Level, Report Confidence

  • Environmental: Confidentiality Requirement, Integrity Requirement, Availability Requirement, Modified Attack Vector, Modified Attack Complexity, Modified Privileges Required, Modified User Interaction, Modified Scope, Modified Confidentiality, Modified Integrity, Modified Availability

Then, click the "Update Issue" button to update the corresponding Issue in your Dradis project with the data from the calculator.

Note that the calculator uses the CVSSv3.Vector field to pre-populate the form. If you later edit your Issue manually and change some of the calculator values, other items such as CVSS score and Severity will not update accordingly. If you change the CVSSv3.Vector field, the changes should be reflected across all relevant fields.
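Because a hand-edited Issue can end up with a vector that no longer matches its stored score and Severity, a consistency check is useful before a report goes out. The following is an added example, not Dradis code: it recomputes the CVSS v3.1 base score from CVSSv3.Vector using the formulas in the CVSS v3.1 specification and reports fields that are out of date. The `#[Field]#` text layout and the CVSSv3.BaseScore and CVSSv3.BaseSeverity field names are assumptions; only CVSSv3.Vector is named on this page.

```ruby
# Added example, not Dradis code. W holds the CVSS v3.1 base metric weights.
W = { 'AV' => { 'N' => 0.85, 'A' => 0.62, 'L' => 0.55, 'P' => 0.2 },
      'AC' => { 'L' => 0.77, 'H' => 0.44 },
      'UI' => { 'N' => 0.85, 'R' => 0.62 },
      'CIA' => { 'H' => 0.56, 'L' => 0.22, 'N' => 0.0 },
      'PR' => { false => { 'N' => 0.85, 'L' => 0.62, 'H' => 0.27 },
                true => { 'N' => 0.85, 'L' => 0.68, 'H' => 0.5 } } }.freeze

# Roundup as defined in the CVSS v3.1 specification.
def roundup(x)
  i = (x * 100_000).round
  (i % 10_000).zero? ? i / 100_000.0 : ((i / 10_000) + 1) / 10.0
end

def cvss31_base(vector)
  prefix, *pairs = vector.strip.split('/')
  raise ArgumentError, 'expected a CVSS:3.1 vector' unless prefix == 'CVSS:3.1'
  m = pairs.to_h { |p| p.split(':', 2) }
  changed = m.fetch('S') == 'C' # PR weights and the formula depend on Scope
  c, i, a = %w[C I A].map { |k| W['CIA'].fetch(m.fetch(k)) }
  iss = 1 - (1 - c) * (1 - i) * (1 - a)
  impact = changed ? 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02)**15 : 6.42 * iss
  expl = 8.22 * W['AV'].fetch(m.fetch('AV')) * W['AC'].fetch(m.fetch('AC')) *
         W['PR'][changed].fetch(m.fetch('PR')) * W['UI'].fetch(m.fetch('UI'))
  return 0.0 if impact <= 0
  roundup([(changed ? 1.08 : 1.0) * (impact + expl), 10].min)
end

def severity(score)
  return 'None' if score.zero?
  [[4.0, 'Low'], [7.0, 'Medium'], [9.0, 'High']].each { |max, s| return s if score < max }
  'Critical'
end

# Returns {} when consistent, else each stale field as [stored, recomputed].
# Score/severity field names are hypothetical; CVSSv3.Vector is from the page.
def stale_fields(text, score: 'CVSSv3.BaseScore', sev: 'CVSSv3.BaseSeverity')
  # Split the assumed "#[Field]#" blocks into a Hash of field => value.
  f = text.scan(/^#\[(.+?)\]#\s*\n(.*?)(?=^#\[|\z)/m).to_h { |k, v| [k, v.strip] }
  fresh = cvss31_base(f.fetch('CVSSv3.Vector'))
  checks = { score => [f[score].to_f, fresh], sev => [f[sev], severity(fresh)] }
  checks.reject { |_, (was, now)| was == now }
end

# Constructed sample: the vector was edited by hand, score and severity were not.
SAMPLE = "#[CVSSv3.Vector]#\nCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\n\n" \
         "#[CVSSv3.BaseScore]#\n9.8\n\n#[CVSSv3.BaseSeverity]#\nCritical\n"
```

Calling `stale_fields(SAMPLE)` returns both fields with their stored and recomputed values. Temporal and environmental metrics in the vector are ignored, and vectors from other CVSS versions are rejected.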

DREAD score calculator

DREAD stands for (D)amage, (R)eproducibility, (E)xploitability, (A)ffected users, (D)iscoverability and is a common risk assessment model introduced by Microsoft.

Select the correct values for Damage Potential, Affected users or systems, Reproducibility, Exploitability, and Discoverability.

Dradis DREAD calculator editor

Alternatively, from the projects page, you can navigate to Tools > Risk Calculators - DREAD in the header to access the instance-wide Dradis DREAD score calculator.

Then, copy/paste the output in the right-hand sidebar into the corresponding Issue in your Dradis project or IssueLibrary entry.

Dradis DREAD calculator editor instance-wide mode

MITRE ATT&CK calculator

MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a curated knowledge base of real-world cyber adversary behavior, based on threat intelligence and incident reporting. It provides a framework for describing how attackers operate across various stages of an intrusion, helping defenders detect, assess, and mitigate threats effectively. Learn more at MITRE ATT&CK.

Once you select a Tactic, the calculator will load the associated list of Techniques, followed by Sub-Techniques based on your selection. You can include Enterprise, Mobile, and ICS data all within the same Issue.

Dradis MITRE ATT&CK calculator editor

Alternatively, from the projects page, you can navigate to Tools > Risk Calculators - MITRE ATT&CK in the header to access the instance-wide Dradis MITRE ATT&CK calculator.

Then, copy/paste the output in the right-hand sidebar into the corresponding Issue in your Dradis project or IssueLibrary entry.

Dradis MITRE ATT&CK calculator editor instance-wide mode

Disabling the calculators

Want to remove the calculators from view to de-clutter your workspace? Navigate to Tools, then Tools Manager, where you have the option to disable the calculators you don't use:

Dradis Integration and Tool Manager interface showing how to disable installed calculators
