Davis Security Advisor calculations
The Davis Security Advisor is displayed in Third-Party Vulnerabilities above the vulnerability list on the Third-party vulnerabilities page. It recommends the fixes that would most improve the overall security of your environment.
Each recommendation contains
- The library that needs to be updated (for example,
jackson-mapper-asl) - The library technology logo (for example, )
- The number of the most severe vulnerabilities that will be fixed after updating the library (for example,
Solves 1 critical) - The total number of vulnerabilities that will be fixed (for example,
4 vulnerabilities total).
Basis for calculation
To calculate recommended fixes, Davis Security Advisor takes into consideration all third-party vulnerabilities that are currently open and not muted; resolved or muted vulnerabilities aren't taken into account. Fixes are tailored to your environment and ranked based on how much they improve the overall security of your environment.
Grouping
Because every third-party vulnerability is triggered by a vulnerable library, those libraries are used for grouping. When calculating the advice, Davis Security Advisor ignores the specific version of the library. All shown libraries contain known vulnerabilities and should be updated to the latest version.
Advice ranking
Advice is ranked based on the severity of the third-party vulnerabilities. Advice regarding a critical vulnerability, for example, is ranked higher than advice for a high-severity vulnerability.
The severity of a vulnerability is calculated based on Davis Security Score, so you can focus on fixing vulnerabilities that are relevant in your environment, instead of on those that have only a theoretical impact.
Filtering
To filter by recommended fixes, see Filter third-party vulnerabilities by recommended fixes with Davis Security Advisor.