Qualys TruRisk™ Key Attributes

The Qualys TruRisk™ model combines several key attributes:

  • External threat intelligence: EPSS (Exploit Prediction Scoring System) scores, which predict exploitation likelihood, and CVSS (Common Vulnerability Scoring System) severity scores
  • Known exploit data: CISA Known Exploited Vulnerabilities (KEV) catalog indicating active exploitation
  • Internal business context: Asset criticality, used to compute a TruRisk Score for each vulnerability and each asset for better risk categorization
  • Real-time intelligence: Current threat landscape and exploit availability

This multi-factor approach generates risk scores that reflect both technical severity and business context, enabling better prioritization. For example, a critical vulnerability on an isolated asset might score lower than a medium-severity vulnerability on an internet-facing production system.
The model represents a shift from reactively patching every high-CVSS vulnerability to proactively managing actual organizational risk.