TruRisk™ Score and QDS in Container Security

TruRisk™ Score is the overall risk score associated with the asset based on the following contributing factors:

1. Asset Criticality Score (ACS) - Indicates criticality level of your asset from 1 (lowest) to 5 (highest) 
2. Qualys Detection Score (QDS) -  Indicates risk score for each severity level (Critical [C], High [H], Medium [M], Low [L])
3. Weighing factor (w) - Auto-assigned weighing factor (w) for each severity level of QIDs

Qualys Detection Score (QDS)

The Qualys Detection Score (QDS) is assigned to vulnerabilities detected by Qualys. QDS has a range from 1 to 100 and with four severity levels:

• Low: 1-39
• Medium: 40-69
• High: 70-89
• Critical: 90-100

QDS is derived from the following factors:

1. Vulnerability technical details (CVSS score): The highest Qualys Vulnerability Score (QVS) for CVEs is associated with the QID.
2. Vulnerability temporal details: Monitors external threat intelligence details for a vulnerability and collect data like Exploit Code Maturity (ECM), malware, active threat actors, and if a threat is trending.
3. Vulnerability remediation details (CIDs): Applies mitigation controls to mitigate the risk from the vulnerability. Vulnerabilities that have applied mitigation controls via Qualys compliance modules will have reduced risk scores.

Formula for QDS Calculation

QDS is calculated considering maximum QVS of all CVEs in a case of a QID, or maximum QDS of all QIDs in case of an asset.

For QID:
QDS = MAX [QVS (ALL_CVEs)]

For Asset:
QDS = MAX [QDS (ALL_QIDs)]

Qualys TruRisk™ Score

TruRisk™ Score is calculated for your Images, and Containers based on a pre-defined formula.

TruRisk™ Score is measured in a range between 0 to 1000 where: 

• 0 - 499 score indicates low risk
• 500 - 699 score indicates medium risk
• 700 - 849 score indicates high risk
• 850 - 1000 score indicates critical risk

Formula for TruRisk™ Calculation

The below formula is used to calculate the TruRisk™ Score of your image or container.

TruRisk™ Score = MIN(1000, ACS * (w_c* Avg(QDS_c) * Pow(count(QDS_c), 0.01) + w_h* Avg(QDS_h) * Pow(count(QDS_h), 0.01) + w_m* Avg(QDS_m) * Pow(count(QDS_m), 0.01) + w_l* Avg(QDS_l) * Pow(count(QDS_l), 0.01) ))

Viewing TruRisk™ score and QDS

The Assets > Containers and Assets > Images tabs show you respective asset information with the TruRisk™ score associated with the asset. Whereas, Vulnerabilities page displays QDS associated with each vulnerability.

You can see the QDS associated with vulnerabilities found in your image by clicking on the respective TruRisk™ Score.

To see more details of the QDS, click the QDS present in the respective QID entry.