RiskScore: Streamlining CVE Prioritization with Composite Risk Scoring
These articles are AI-generated summaries. Please check the original sources for full details.
I wanted to make prioritizing vulnerabilities cheaper and easier.
Jacob Cuthbertson developed RiskScore to consolidate CVSS, EPSS, and CISA KEV data into a single actionable metric. The tool offers a free tier of 100 requests per day to help security teams avoid the high costs of commercial threat intelligence.
Why This Matters
Traditional security workflows often rely solely on CVSS, which measures severity but says nothing about the likelihood that a vulnerability will actually be exploited. Enterprise platforms such as Flashpoint sell this combined intelligence for thousands of dollars; without an accessible, aggregated source, average security teams fall back on manual data engineering that can take weeks.
Key Insights
- CVSS scores from NVD provide a base severity metric but lack real-world exploitation context (NVD, 2026).
- EPSS from FIRST calculates the probability of a CVE being exploited in the wild, adding a likelihood dimension (FIRST, 2026).
- CISA KEV integration confirms if a vulnerability is currently being used in active attacks (CISA, 2026).
- RiskScore generates a 0-100 composite value to prioritize critical threats such as Log4Shell (CVE-2021-44228), which maxes out the scale.
- The Python SDK allows for bulk scoring of up to 100 CVEs in a single call to minimize network overhead.
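The article does not publish RiskScore's formula, so the following is an added, illustrative scheme (not RiskScore's own code) showing how the three inputs listed above interact: CVSS sets a severity dimension, EPSS or a KEV listing sets a likelihood dimension, and the two are combined into a 0-100 value. The equal weighting, the treatment of KEV membership as likelihood 1.0, the label cut-offs and all sample inputs are assumptions; only CVE-2021-44228 is a real CVE, and its EPSS value is an approximation.

```python
from dataclasses import dataclass

# Illustrative composite scoring for this article. It is NOT RiskScore's
# published formula; the weights, the KEV handling and the label bands are
# assumptions chosen to show how CVSS, EPSS and KEV interact.

KEV_LIKELIHOOD = 1.0  # assumption: a KEV listing counts as confirmed exploitation


@dataclass(frozen=True)
class VulnSignals:
    cve_id: str
    cvss_base: float  # NVD CVSS base score, 0.0-10.0
    epss: float       # FIRST EPSS probability, 0.0-1.0
    in_kev: bool      # present in the CISA KEV catalog


def composite_risk(sig: VulnSignals) -> int:
    """Combine severity and likelihood into a 0-100 integer.

    Severity (CVSS) and likelihood (EPSS, or 1.0 when the CVE is in KEV) are
    each scaled to 0-100 and weighted equally, so a KEV entry alone puts the
    floor at 50 and a CVSS 10.0 CVE that is also in KEV reaches 100.
    """
    if not 0.0 <= sig.cvss_base <= 10.0:
        raise ValueError(f"{sig.cve_id}: CVSS base out of range: {sig.cvss_base}")
    if not 0.0 <= sig.epss <= 1.0:
        raise ValueError(f"{sig.cve_id}: EPSS out of range: {sig.epss}")
    severity = sig.cvss_base * 10.0
    likelihood = KEV_LIKELIHOOD if sig.in_kev else sig.epss
    raw = 0.5 * severity + 0.5 * (likelihood * 100.0)
    return max(0, min(100, int(round(raw))))


def severity_label(score: int) -> str:
    """Assumed label bands; the article does not give RiskScore's real cut-offs."""
    if score >= 90:
        return "CRITICAL"
    if score >= 70:
        return "HIGH"
    if score >= 40:
        return "MEDIUM"
    return "LOW"


def rank(signals: list[VulnSignals]) -> list[tuple[str, int, str]]:
    """Order CVEs by composite score, highest first (ties broken by CVSS, then id)."""
    scored = [(s.cve_id, composite_risk(s), s.cvss_base) for s in signals]
    scored.sort(key=lambda t: (-t[1], -t[2], t[0]))
    return [(cve, score, severity_label(score)) for cve, score, _ in scored]


# Constructed sample inputs. Only CVE-2021-44228 is a real CVE (CVSS 10.0, in
# KEV; EPSS approximated). The EXAMPLE-* entries are placeholders, not CVEs.
SAMPLE = [
    VulnSignals("CVE-2021-44228", cvss_base=10.0, epss=0.97, in_kev=True),
    VulnSignals("EXAMPLE-HIGH-DORMANT", cvss_base=9.8, epss=0.001, in_kev=False),
    VulnSignals("EXAMPLE-KEV-MEDIUM", cvss_base=6.4, epss=0.3, in_kev=True),
    VulnSignals("EXAMPLE-LOW", cvss_base=4.0, epss=0.02, in_kev=False),
]

if __name__ == "__main__":
    by_cvss = sorted(SAMPLE, key=lambda s: -s.cvss_base)
    print("CVSS order:     ", [s.cve_id for s in by_cvss])
    print("Composite order:", [cve for cve, _, _ in rank(SAMPLE)])
    for cve, score, label in rank(SAMPLE):
        print(f"{cve:22s} {score:3d} {label}")
```

The point of the sample set is the reordering: by CVSS alone the dormant 9.8 ranks above the actively exploited 6.4, while the composite puts the KEV entry second only to Log4Shell and demotes the dormant CVE to MEDIUM.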
Working Examples
Basic retrieval of a risk score for a single CVE.
from riskscore import RiskScoreClient
client = RiskScoreClient(api_key="YOUR_API_KEY")
result = client.get_cve("CVE-2021-44228")
print(result["cve_id"], result["risk_score"]["score"], result["risk_score"]["severity_label"])
# Output: CVE-2021-44228 100 CRITICAL
Bulk scoring multiple CVEs in a single API request.
from riskscore import RiskScoreClient
client = RiskScoreClient(api_key="YOUR_API_KEY")
cve_ids = [
    "CVE-2021-44228",
    "CVE-2022-26134",
    "CVE-2023-44487",
    "CVE-2024-3400",
    "CVE-2021-45046"
]
results = client.bulk_score(cve_ids)
for item in results:
    score = item["risk_score"]["score"]
    label = item["risk_score"]["severity_label"]
    print(f"{item['cve_id']:20s} {score:3d} {label}")
Practical Applications
- Use case: Automating triage in CI/CD pipelines by using the RiskScore Python SDK to block builds containing CVEs with scores above a specific threshold. Pitfall: Relying on raw CVSS alone may lead to 'alert fatigue' by flagging high-severity bugs with a negligible likelihood of exploitation.
- Use case: Justifying emergency patch windows to stakeholders using the 'plain_english' explanation field to describe active ransomware use or EPSS percentiles. Pitfall: Manually looping individual get_cve requests for large datasets will quickly exhaust the 100 request/day free tier limit; batch through bulk_score instead.
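An added example (not RiskScore's own code) that ties the two use cases together: a pipeline gate that batches a build's CVE list into bulk_score calls of at most 100 ids, so a large SBOM costs a handful of requests rather than one per CVE, and fails closed on any CVE the API did not return a score for. The client shape (bulk_score returning cve_id and risk_score.score/severity_label) follows the SDK usage shown above; the FakeClient, its synthetic scores and the 250 EXAMPLE-* ids are constructed so the block runs offline, and the 70 threshold is an assumption.

```python
from dataclasses import dataclass, field
from typing import Iterator, Optional, Protocol

BULK_LIMIT = 100          # CVEs accepted per bulk_score call (per the article)
FREE_TIER_REQUESTS = 100  # free-tier request budget per day (per the article)


class ScoringClient(Protocol):
    """Shape of the SDK client as used in the examples above (bulk_score only)."""
    def bulk_score(self, cve_ids: list[str]) -> list[dict]: ...


@dataclass
class GateResult:
    threshold: int
    blocking: list[tuple[str, int, str]] = field(default_factory=list)  # (cve_id, score, label)
    unscored: list[str] = field(default_factory=list)  # requested but absent from the response
    requests_used: int = 0

    @property
    def passed(self) -> bool:
        # Fail closed: a CVE the API did not score is treated like a blocking one.
        return not self.blocking and not self.unscored


def chunked(items: list[str], size: int) -> Iterator[list[str]]:
    for i in range(0, len(items), size):
        yield items[i:i + size]


def requests_needed(cve_count: int) -> int:
    """How many bulk calls a scan of cve_count distinct CVEs costs (ceil division)."""
    return -(-cve_count // BULK_LIMIT)


def gate_build(client: ScoringClient, cve_ids: list[str], threshold: int = 70) -> GateResult:
    """Score every CVE from a build in ceil(n/100) requests and decide pass/fail.

    Duplicates are removed first so they do not cost quota; each batch is
    cross-checked against the response so a CVE the API silently dropped
    cannot slip through as "no finding".
    """
    result = GateResult(threshold=threshold)
    unique_ids = sorted(set(cve_ids))
    for batch in chunked(unique_ids, BULK_LIMIT):
        items = client.bulk_score(batch)
        result.requests_used += 1
        seen: set[str] = set()
        for item in items:
            cve = item["cve_id"]
            seen.add(cve)
            score = int(item["risk_score"]["score"])
            if score >= threshold:
                result.blocking.append((cve, score, item["risk_score"]["severity_label"]))
        result.unscored.extend(cve for cve in batch if cve not in seen)
    result.blocking.sort(key=lambda t: (-t[1], t[0]))
    return result


class FakeClient:
    """Constructed offline stand-in for the SDK client. Scores are synthetic
    (derived from the id's trailing number), not real RiskScore output. It
    enforces the 100-per-call limit the way a server would, so an unbatched
    caller is rejected."""

    def __init__(self, drop: Optional[set] = None):
        self.drop = drop or set()  # ids the fake "forgets" to score

    def bulk_score(self, cve_ids: list[str]) -> list[dict]:
        if len(cve_ids) > BULK_LIMIT:
            raise ValueError(f"bulk_score accepts at most {BULK_LIMIT} ids, got {len(cve_ids)}")
        out = []
        for cve in cve_ids:
            if cve in self.drop:
                continue
            score = int(cve.rsplit("-", 1)[1]) % 101
            label = "CRITICAL" if score >= 90 else "HIGH" if score >= 70 else "MEDIUM" if score >= 40 else "LOW"
            out.append({"cve_id": cve, "risk_score": {"score": score, "severity_label": label}})
        return out


# Constructed input: 250 placeholder ids (EXAMPLE-0000 .. EXAMPLE-0249), one duplicated.
SAMPLE_IDS = [f"EXAMPLE-{i:04d}" for i in range(250)] + ["EXAMPLE-0100"]

if __name__ == "__main__":
    res = gate_build(FakeClient(drop={"EXAMPLE-0007"}), SAMPLE_IDS, threshold=70)
    print(f"requests used: {res.requests_used} of {FREE_TIER_REQUESTS}/day")
    print(f"blocking: {len(res.blocking)}  unscored: {res.unscored}  passed: {res.passed}")
```

With 250 distinct ids the gate spends three requests instead of 250, which is the difference between a scan that fits the free tier several times a day and one that exhausts it before finishing. The unscored list is what makes the gate safe to wire into a pipeline: a CVE missing from the response blocks the build rather than being mistaken for a clean result.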