FAIR Scoring
FAIR is a process for calculating the risk of a vulnerability as well as its impact on assets. While DREAD Scoring measures quantitative risk, FAIR Scoring measures qualitative risk. FAIR is easier to communicate to executives because it addresses the financial impact, but it is complex to calculate.
It is an acronym for:
- Factor
- Analysis
- Information
- Risk
References:
- Tarandach, I., & Coles, M. J. (2020). Threat Modeling: A Practical Guide for Development Teams (1st ed.). O’Reilly Media.
- FAIR Institute