Brilhante, Maria de Fátima; Pestana, Pedro Duarte; Rocha, Maria Luísa; Sequeira, Fernando; Henriques-Rodrigues, L.; Menezes, R.; Faria, S.

2026-01-08; 2026-01-08; 2024

Fátima Brilhante, M., Pestana, P., Luísa Rocha, M., Sequeira, F. (2024). Risk Assessment of Vulnerabilities Exploitation. In: Henriques-Rodrigues, L., Menezes, R., Machado, L.M., Faria, S., de Carvalho, M. (eds) New Frontiers in Statistics and Data Science. Springer Proceedings in Mathematics & Statistics, vol 469. Springer, Cham.

978-3-031-68949-9

http://hdl.handle.net/10400.2/20710

Using the Kolmogorov–Smirnov, Cramér–von Mises and Anderson–Darling tests, and the not so commonly applied Vuong’s test, it is shown that a two components hyperlog-logistic distribution, i.e., a mixture of two geo-max-stable log-logistic distributions, provides a good fit for the time from disclosure to update of vulnerabilities sampled from the CVEdetails.com database. It is also shown that the hyperlog-logistic distribution provides a better fit than a heavy-tailed distribution of maxima, or a log-logistic distribution, or even a heavy-tailed two components hyperexponential distribution. Moreover, ways of incorporating uncertainty and of modeling vulnerabilities lifecycle into the Common Vulnerabilities Scoring System (CVSS), the most widely used score to assess severity of vulnerabilities, are discussed, in order to obtain an improved CVSS calculator and the evolution of a score over time.

eng

Vulnerabilities; Vulnerability Life-Cycle; Heavy-Tailed Distributions; Hyperlog-logistic Distribution; CVSS Modifier

Risk assessment of vulnerabilities exploitation

book part

10.1007/978-3-031-68949-9_6