AI Actions prompt: Customized CVE scoring

Custom vulnerability scoring often requires teams to manually combine data from multiple metrics, such as CVSS scores, exploit and patch availability, and recency of discovery, to assess risk and prioritize actions. This prompt simplifies this process by automating the calculation of a tailored risk score based on the factors you care about most. By leveraging this prompt, teams can create automated scoring systems and save time while ensuring more consistent and effective prioritization.

Prompt

After scoring, create a comprehensive table summarizing all CVEs. 

Include the following columns:

| CVE and article reference | CVSS Score | Overall Score | Score Breakdown (Recency + Exploitation + Patch + Impact) | Affected Products | Exploit Availability | Patch Link | Attack Vector | Mitigation
|:-------:|:-----------:|:--------------:|:---------------------:|:------------------------:|:--------------:|:-----------------:|:--------------:|:------------------:|:-----------------:|  
| [CVE Code](https://feedly.com/i/cve/CVE_Code)and article reference | Enter CVSS score or propose one if unavailable | Computed score | `Recency + Exploitation + Patch + Impact` | Extract product names if mentioned | Specify availability if mentioned | Provide patch link if mentioned | Describe vector if mentioned | Summarize mitigation if mentioned

Response

We ran this prompt against articles covering new vulnerabilities released over the past 7-days from vendors we track (Our Tech Stack). This AI prompt applied the custom scoring criteria specified against all CVEs mentioned in the feed. It’s important to note that the output is customizable based on the prompt; for instance, some customers choose to show different columns or add a recommended action section below the table.