CVSSv3 and DREAD calculators

CVSSv3 score calculator

Our Common Vulnerability Scoring System Version 3 (CVSSv3) Calculator is heavily inspired by the one provided by FIRST.

The Dradis CVSSv3 score calculator is included as a tab when browsing individual Issues. Click on the tab to access the calculator and edit its values. You can select v3.0 or v3.1 of the CVSSv3 Calculator with the toggle in the top right.

Select the correct values for:

Base: Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, Confidentiality, Integrity, Availability.

Temporal: Exploit Code Maturity, Remediation Level, Report Confidence.

Environmental: Confidentiality Requirement, Integrity Requirement, Availability Requirement, Modified Attack Vector, Modified Attack Complexity, Modified Privileges Required, Modified User Interaction, Modified Scope, Modified Confidentiality, Modified Integrity, Modified Availability.

Then, click the "Update Issue" button to update the corresponding Issue in your Dradis project with the data from the calculator.

Note that the calculator uses the CVSSv3.Vector field to pre-populate the form. If you later edit your Issue manually and change some of the calculator values, other items such as CVSS score and Severity will not update accordingly. If you change the CVSSv3.Vector field, the changes should be reflected across all relevant fields.
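
A score that has drifted from its vector after a manual edit can be caught by recomputing the base score from the vector string. The Ruby below is an added example, not Dradis code: it handles CVSS v3.1 Base metrics only (no Temporal or Environmental), and the names cvss31_base and stale_score? are hypothetical.

```ruby
# Added example: recompute a CVSS v3.1 base score from its vector string.
# Weights and equations are those of the FIRST CVSS v3.1 specification.
WEIGHTS = {
  'AV'  => { 'N' => 0.85, 'A' => 0.62, 'L' => 0.55, 'P' => 0.2 },
  'AC'  => { 'L' => 0.77, 'H' => 0.44 },
  'UI'  => { 'N' => 0.85, 'R' => 0.62 },
  'CIA' => { 'H' => 0.56, 'L' => 0.22, 'N' => 0.0 }
}.freeze
PR_UNCHANGED = { 'N' => 0.85, 'L' => 0.62, 'H' => 0.27 }.freeze
PR_CHANGED   = { 'N' => 0.85, 'L' => 0.68, 'H' => 0.5 }.freeze
BASE_KEYS    = %w[AV AC PR UI S C I A].freeze

# Spec-defined Roundup: smallest one-decimal value >= input, computed on
# integers so floating point noise cannot push a score up a step.
def roundup(value)
  i = (value * 100_000).round
  (i % 10_000).zero? ? i / 100_000.0 : ((i / 10_000) + 1) / 10.0
end

def cvss31_base(vector)
  prefix, *pairs = vector.strip.split('/')
  raise ArgumentError, 'expected a CVSS:3.1 vector' unless prefix == 'CVSS:3.1'
  m = pairs.to_h { |p| p.split(':', 2) }
  missing = BASE_KEYS - m.keys
  raise ArgumentError, "missing base metrics: #{missing.join(', ')}" unless missing.empty?
  raise ArgumentError, 'Scope must be U or C' unless %w[U C].include?(m['S'])
  changed = m['S'] == 'C'
  pr = (changed ? PR_CHANGED : PR_UNCHANGED).fetch(m['PR'])
  c, i, a = %w[C I A].map { |k| WEIGHTS['CIA'].fetch(m[k]) }
  iss = 1 - (1 - c) * (1 - i) * (1 - a)
  impact = changed ? 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02)**15 : 6.42 * iss
  expl = 8.22 * WEIGHTS['AV'].fetch(m['AV']) * WEIGHTS['AC'].fetch(m['AC']) *
         pr * WEIGHTS['UI'].fetch(m['UI'])
  score = impact <= 0 ? 0.0 : roundup([(changed ? 1.08 : 1.0) * (impact + expl), 10].min)
  severity = case score
             when 0 then 'None'
             when 0.1..3.9 then 'Low'
             when 4.0..6.9 then 'Medium'
             when 7.0..8.9 then 'High'
             else 'Critical'
             end
  [score, severity]
end

# Hypothetical helper: true when the score recorded on an Issue no longer
# matches the score its vector produces.
def stale_score?(vector, recorded_score)
  cvss31_base(vector).first != recorded_score.to_f
end
```

An unknown metric value raises KeyError, so a mistyped vector fails loudly instead of producing a plausible-looking score.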

DREAD score calculator

DREAD stands for (D)amage, (R)eproducibility, (E)xploitability, (A)ffected users, (D)iscoverability and is a common risk assessment model introduced by Microsoft.

You can add a DREAD rating to an existing issue by navigating to the DREAD tab in the issue and clicking Edit to access the Dradis DREAD score calculator.

Select the correct values for Damage Potential, Affected users or systems, Reproducibility, Exploitability, and Discoverability.

Alternatively, you can navigate to /pro/calculators/dread in your Dradis host to access the instance-wide Dradis DREAD score calculator.

Then, copy and paste the output from the right-hand sidebar into the corresponding Issue in your Dradis project or IssueLibrary entry.

Disabling the calculators

Want to remove the calculators from view to de-clutter your workspace? Go to Configuration, then Configure plugins, where you can disable either or both of the calculators by setting their show value to 0.
