The Qualys Detection Score (QDS) is assigned to vulnerabilities detected by Qualys. QDS has a range from 1 to 100 and with four severity levels:
- Critical: 90-100
- High: 70-89
- Medium: 40-69
- Low: 1-39
QDS is derived from the following factors:
a) Vulnerability technical details (CVSS score): The highest Qualys Vulnerability Score (QVS) for CVEs is associated with the QID.
b) Vulnerability temporal details: Monitors external threat intelligence details for a vulnerability and collect data like Exploit Code Maturity (ECM), malware, active threat actors, and if a threat is trending.
c) Vulnerability remediation details (CIDs): Applies mitigation controls to mitigate the risk from the vulnerability. Vulnerabilities that have applied mitigation controls via Qualys compliance modules will have reduced risk scores.
Note: If multiple CVEs contribute to a QID, the CVE with the highest score is considered for the QDS calculation.