DTVSS Calibration

How k = 15 was chosen

The DTVSS formula multiplies severity, patient harm, and a temporal amplification factor (1 + k·L(t)).

How DTVSS uses EPSS as a continuous amplification factor →

The constant k was calibrated against 96 real medical device CVEs as the lowest integer value satisfying four clinical criteria defined in the provisional patent. A re-run against a 362-CVE superset drawn from the current live CISA ICSMA index returns the same k.

Lowest k: 15
Filing set: 96 CVEs
Live superset: 362 CVEs

The four criteria

The provisional patent defines four clinical discrimination criteria that any calibrated k must satisfy. The criteria were designed before the value of k was picked; they encode what the scoring is required to do, not what any particular integer happens to produce.

(i) CVE-2017-12718 (Plum 360 infusion pump) must score ≥ 8.0 CRITICAL
(ii) Low-risk CVEs (B ≤ 1.5, L ≤ 0.002) must stay ≤ 5.5 MEDIUM
(iii) CVE-2020-11896 (Treck Ripple20) must score ≥ 8.0 CRITICAL
(iv) The score span across the full dataset must be ≥ 4.0 points

Criterion (i) guarantees the formula recognises clinically-deployed exploitable infusion pump vulnerabilities. Criterion (ii) prevents score inflation on low-exploitability workstation-class findings. Criterion (iii) anchors known-exploited IP stack flaws at Critical. Criterion (iv) ensures the scale actually discriminates between device classes rather than compressing everything toward one value.

The sweep

Each row below shows an integer value of k. Green cells mark criteria that pass at that k. The lowest row where all four are green is the calibrated value.

Legend: Passes | Fails | Lowest all-pass
Columns: k | (i) Plum 360 ≥ 8.0 | (ii) Low-risk ≤ 5.5 | (iii) Ripple20 ≥ 8.0 | (iv) Span ≥ 4.0

Values are criterion scores at each k on the 96-CVE filing dataset. Criterion (i): score of CVE-2017-12718. Criterion (ii): highest score among CVEs with B ≤ 1.5 and L ≤ 0.002. Criterion (iii): score of CVE-2020-11896. Criterion (iv): score span across the full dataset. Sweep shown for k = 1 to 20; all rows from k = 21 to 30 continue to pass.

The binding constraint

Three of the four criteria pass at values well below 15. The one that binds is criterion (i): CVE-2017-12718, a buffer overflow in the ICU Medical Plum 360 infusion pump, must reach the Critical tier (score ≥ 8.0). At k = 14 it scores 7.60. At k = 15 it scores 8.03.

[Figure: CVE-2017-12718 DTVSS score (0 to 10) against k, the temporal amplification constant (0 to 30), with the Critical threshold (8.0), the crossing at k = 14.93 and the lowest integer k = 15 marked.]

CLOSED-FORM DERIVATION
DTVSS = (2.20 / 10) · (7.5 / 10) · (1 + k · 0.2577) · 10 = 1.65 · (1 + 0.2577 · k)
DTVSS ≥ 8.0 ⇒ k ≥ 14.93
Lowest integer: k = 15
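
The sweep and the closed-form crossing above, as an added Python example (not the project's calibrate_k.py). Only the CVE-2017-12718 inputs come from the page; the two other rows, the field names b, h and l, and the clamp to 10 are assumptions made so that all four criteria can be evaluated.

```python
import math

# Inputs for CVE-2017-12718 as printed in the page's closed-form derivation.
PLUM_360 = {"id": "CVE-2017-12718", "b": 2.20, "h": 7.5, "l": 0.2577}

# CONSTRUCTED stand-in rows (not the project's dataset) so that all four
# criteria can be evaluated; only PLUM_360 carries values taken from the page.
DATASET = [
    PLUM_360,
    {"id": "constructed-ripple20-standin", "b": 3.9, "h": 10.0, "l": 0.50},
    {"id": "constructed-low-risk", "b": 1.5, "h": 5.0, "l": 0.002},
]

def dtvss(b, h, l, k):
    """(b/10) * (h/10) * (1 + k*l) * 10, clamped to 10 (the clamp is an assumption)."""
    return min(10.0, (b / 10) * (h / 10) * (1 + k * l) * 10)

def criteria(rows, k):
    """Return pass/fail for criteria (i) to (iv) at a given k."""
    score = {r["id"]: dtvss(r["b"], r["h"], r["l"], k) for r in rows}
    low = [score[r["id"]] for r in rows if r["b"] <= 1.5 and r["l"] <= 0.002]
    return (
        score["CVE-2017-12718"] >= 8.0,                    # (i)
        max(low) <= 5.5,                                   # (ii)
        score["constructed-ripple20-standin"] >= 8.0,      # (iii), stand-in row
        max(score.values()) - min(score.values()) >= 4.0,  # (iv)
    )

def lowest_k(rows, k_max=30):
    """Lowest integer k at which every criterion passes, or None."""
    return next((k for k in range(1, k_max + 1) if all(criteria(rows, k))), None)

def crossing(b, h, l, threshold=8.0):
    """Solve (b*h/10) * (1 + k*l) = threshold for real-valued k."""
    return (threshold / (b * h / 10) - 1) / l

if __name__ == "__main__":
    for k in (13, 14, 15, 16):
        s = dtvss(PLUM_360["b"], PLUM_360["h"], PLUM_360["l"], k)
        print(k, round(s, 2), criteria(DATASET, k))
    k_star = crossing(2.20, 7.5, 0.2577)
    print(f"crossing k = {k_star:.2f}, lowest integer = {math.ceil(k_star)}")
    print("sweep result:", lowest_k(DATASET))
```

With these rows, criteria (ii) to (iv) pass at low k and criterion (i) alone decides the result, which mirrors the binding-constraint argument.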

Out-of-sample validation

The 96-CVE dataset was frozen at the time of patent filing (April 2026). A re-run against the current live CISA ICSMA index (362 CVEs, of which 323 are Class IIb and 39 are Class III, making it 3.8 times larger) also returns k = 15. The binding constraint in criterion (i) uses patent-frozen inputs, so the calibration is stable under dataset expansion; the fact that it survives a near-quadrupling of the corpus is the evidence that k = 15 is not a small-sample artefact.

Filing · 96 CVEs
Score span: 9.62
L(t) score changes: 95 of 96
L(t) tier crossings: 34
KEV-overridden: 1

Live · 362 CVEs
Score span: 9.84
Class IIb: 323
Class III: 39
Lowest satisfying k: 15

KEV note. CVEs in the CISA KEV catalog are forced to score 10.0 post-scoring regardless of k, so they are excluded from the "L(t) score changes" statistic. The filing dataset contains 1 such CVE (CVE-2020-11899, Treck Ripple20, in CISA KEV since 2022-03-03). Excluding it leaves 95 non-KEV CVEs, all 95 of which change score when L is zeroed, hence "95 of 96."

Snapshot. Filing dataset frozen 2026-04-09 (EPSS snapshot 2026-04-08). Live superset drawn from the current ICSMA index. L(t) values drift daily by design; the 96-CVE set is frozen for reproducibility.

Reproduce it

All inputs are public. The calibration runs offline in under a second against the committed dataset. To re-validate against a live ICSMA snapshot, the same script can rebuild the dataset from the current index and fetch EPSS from FIRST.org.

$ git clone https://github.com/d3matr1x/dtvss-web.git && cd dtvss-web
$ python3 calibrate_k.py
→ Lowest integer k satisfying all four criteria: k = 15

Calibration verified on every commit.
A continuous integration workflow runs calibrate_k.py against the frozen 96-CVE dataset on every push and pull request, and asserts that the eight patent-binding values in results.json reproduce exactly. Drift breaks the build.
Source: github.com/d3matr1x/dtvss-web

References

FIRST - CVSS v3.1 Specification Document
FIRST - Exploit Prediction Scoring System (EPSS)
CISA - Known Exploited Vulnerabilities Catalog
CISA - ICS Medical Advisories (ICSMA)
NVD - CVE-2017-12718 (ICU Medical Plum 360)
NVD - CVE-2020-11896 (Treck Ripple20)
NVD - CVE-2020-11899 (Treck Ripple20, KEV-listed)

RESEARCH PREVIEW - Tier 1 is a non-commercial research demonstration. Not a certified medical device risk management tool. Commercial licence required for production use.