Exploitability is a series of metrics in CVSS 3.0 that describe how difficult it would be for an attacker to exploit a vulnerability. In this section, you will learn how to define the four areas of vulnerability and how these relate to the ease of exploitation of the threat.

To understand the importance of exploitability, consider an example from the retail world. A generally acknowledged principle in retail is that shrinkage (or shoplifting) increases if it is easier to do. For most people, the value that's gained from an attack is rarely worth the effort or risk of being caught. In the same way, the easier it is to exploit a vulnerability and conduct an attack, the more likely it is to happen, and therefore the more dangerous the vulnerability is.