Machine learned model for generating opinionated threat assessments of security vulnerabilities
US-2024411898-A1 · Dec 12, 2024 · US
US2026099609A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2026099609-A1 |
| Application number | US-202418910989-A |
| Country | US |
| Kind code | A1 |
| Filing date | Oct 9, 2024 |
| Priority date | Oct 9, 2024 |
| Publication date | Apr 9, 2026 |
| Grant date | — |
Official abstract text for this publication.
Aspects of the subject technology relate to systems, methods, and computer-readable media for identifying vulnerable software associated with an enterprise. A database of software assets associated with an enterprise can be maintained via a software asset management (SAM) system. A vulnerable software asset can be identified and a descriptor of the vulnerable software asset can be obtained. The descriptor can be mapped to a portion of the database of software assets. A likelihood that the vulnerable software asset is associated with the enterprise can be determined based on the mapping.
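The mapping and likelihood steps summarized in the abstract can be sketched as follows. This is an added illustration, not code from the publication: the function names, field weights, the 0.8 build-version credit, the sample CPE string and the inventory rows are all constructed assumptions, and Python's `difflib` stands in for whatever approximate string matching an implementation would use.

```python
import re
from difflib import SequenceMatcher

# Assumed weights and build-version credit; the publication gives no values.
WEIGHTS = {"publisher": 0.3, "product": 0.5, "version": 0.2}

def parse_cpe23(cpe):
    """Extract publisher, product and version from a CPE 2.3 formatted string."""
    fields = re.split(r"(?<!\\):", cpe)  # split on ':' but not on escaped '\:'
    if len(fields) != 13 or fields[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    vendor, product, version = (re.sub(r"\\(.)", r"\1", f) for f in fields[3:6])
    return {"publisher": vendor.replace("_", " "),
            "product": product.replace("_", " "), "version": version}

def _similar(a, b):
    """Approximate string match on lower-cased, punctuation-free names."""
    norm = lambda s: re.sub(r"[^a-z0-9]+", " ", s.lower()).strip()
    return SequenceMatcher(None, norm(a), norm(b)).ratio()

def _version_score(wanted, installed):
    if wanted == "*" or wanted == installed:  # '*' means ANY in CPE
        return 1.0
    # Inventories often record a build under the release (4.2 -> 4.2.1137).
    if installed.startswith(wanted + ".") or wanted.startswith(installed + "."):
        return 0.8
    return 0.0

def likelihood(descriptor, asset):
    """Numerical score in [0, 1] that the inventory row is the vulnerable asset."""
    return (WEIGHTS["publisher"] * _similar(descriptor["publisher"], asset["publisher"])
            + WEIGHTS["product"] * _similar(descriptor["product"], asset["product"])
            + WEIGHTS["version"] * _version_score(descriptor["version"], asset["version"]))

def rank_assets(cpe, inventory, threshold=0.8):
    """Return (score, asset) pairs at or above the threshold, best first."""
    descriptor = parse_cpe23(cpe)
    scored = [(likelihood(descriptor, a), a) for a in inventory]
    return sorted((s for s in scored if s[0] >= threshold),
                  key=lambda s: s[0], reverse=True)

# Constructed sample data: a fictional product and a three-row SAM inventory.
SAMPLE_CPE = "cpe:2.3:a:example_corp:widget_server:4.2:*:*:*:*:*:*:*"
INVENTORY = [
    {"publisher": "Example Corp.", "product": "Widget Server", "version": "4.2.1137"},
    {"publisher": "Example Corporation", "product": "Widget Client", "version": "4.2"},
    {"publisher": "Other Vendor", "product": "PDF Reader", "version": "11.0"},
]
```

Calling `rank_assets(SAMPLE_CPE, INVENTORY)` returns only the Widget Server row; lowering the threshold shows how a sibling product from the same publisher scores lower on the product name even though its version matches exactly.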
Opening claim text (preview).
What is claimed is:

1. A computer-implemented method comprising: while maintaining, via a software asset management (SAM) system, a database of software assets associated with an enterprise: identifying a vulnerable software asset; obtaining a descriptor of the vulnerable software asset; mapping the descriptor of the vulnerable software asset to a portion of the database of software assets; and determining a likelihood that the vulnerable software asset is associated with the enterprise based on the mapping.

2. The computer-implemented method of claim 1, further comprising identifying the portion of the database of software assets by determining that the portion of the database of software assets matches within a specific degree to the descriptor of the vulnerable software asset.

3. The computer-implemented method of claim 1, wherein the descriptor of the vulnerable software asset is mapped to the portion of the database of software assets through approximate string matching.

4. The computer-implemented method of claim 1, wherein the database of software assets is maintained in an agentless manner without analyzing runtime software flows on devices associated with the enterprise.

5. The computer-implemented method of claim 1, wherein the software asset is identified as the vulnerable software asset based on data accessed through a database of standards-based vulnerability management data, solutions data published by a software developer, vulnerability data manually input by a user, a software bill of materials (SBOM) associated with the software asset, or a combination thereof.

6. The computer-implemented method of claim 1, wherein the descriptor of the vulnerable software asset is identified from a Common Vulnerabilities and Exposures (CVE) entry associated with the software asset, a Common Platform Enumeration (CPE) entry associated with the software asset, an SBOM associated with the software asset, or a combination thereof.

7. The computer-implemented method of claim 1, further comprising: accessing an entry of the vulnerable software asset in a structured naming scheme; extracting an identification of a publisher and an identification of a product name of the vulnerable software asset from the entry as part of determining the descriptor of the vulnerable software asset; mapping the identification of the publisher and the identification of the product name of the vulnerable software asset to the portion of the database of software assets; and determining the likelihood that the vulnerable software asset is associated with the enterprise based on the mapping of the identification of the publisher and the identification of the product name of the vulnerable software asset to the portion of the database of software.

8. The computer-implemented method of claim 1, further comprising: accessing an entry of the vulnerable software asset in a structured naming scheme; extracting an identification of a version and an identification of an edition of the vulnerable software asset from the entry as part of obtaining the descriptor of the vulnerable software asset; mapping the identification of the version and the identification of the edition of the vulnerable software asset to the portion of the database of software assets; and determining the likelihood that the vulnerable software asset is associated with the enterprise based on the mapping.

9. The computer-implemented method of claim 8, further comprising: applying a machine learning model based on the identification of the version and the identification of the edition of the vulnerable software to determine a plurality of build versions of the vulnerable software asset; mapping the plurality of build versions of the vulnerable software asset to the portion of database of software assets; and determining the likelihood that the vulnerable software asset is associated with the enterprise based on the mapping.

10. The computer-implemented method of claim 1, further comprising: determining an identification of a publisher of the vulnerable software asset, an identification of a product name of the vulnerable software asset, an identification of a version of the vulnerable software asset, an identification of an edition of the vulnerable software asset, a build version of the vulnerable software asset, or a combination thereof from an entry of the vulnerable software asset in a structured naming scheme as part of obtaining the descriptor of the vulnerable software asset; mapping the identification of the publisher of the vulnerable software asset, the identification of the product name of the vulnerable software asset, the identification of the version of the vulnerable software asset, the identification of the edition of the vulnerable software asset, the build version of the vulnerable software asset, or the combination thereof to the portion of the database of software assets; and determining a numerical score indicative of the likelihood that the vulnerable software asset is associated with the enterprise based on the mapping.

11. The computer-implemented method of claim 10, further comprising determining the numerical score based on a degree to which the identification of the publisher of the vulnerable software asset, the identification of the product name of the vulnerable software asset, the identification of the version of the vulnerable software asset, the identification of the edition of the vulnerable software asset, the build version of the vulnerable software asset, or the combination thereof matches an entry in the database of software assets present in the enterprise.

12. The computer-implemented method of claim 1, further comprising: determining an identification of a software package associated with the vulnerable software asset as part of obtaining the descriptor of the vulnerable software asset; mapping the identification of the software package associated with the vulnerable software asset to the portion of the database of software assets; and determining the likelihood that the vulnerable software asset is associated with the enterprise based on the mapping.

13. A system comprising: one or more processors; and at least one computer-readable storage medium having stored therein instructions which, when executed by the one or more processors, cause the one or more processors to, while maintaining, via a software asset management (SAM) system, a database of software assets associated with an enterprise: identify a vulnerable software asset; obtain a descriptor of the vulnerable software asset; map the descriptor of the vulnerable software asset to a portion of the database of software assets; and determine a likelihood that the vulnerable software asset is associated with the enterprise based on the mapping.

14. The system of claim 13, wherein the instructions are further configured to cause the one or more processors to identify the portion of the database of software assets by determining that the portion of the database of software assets matches within a specific degree to the descriptor of the vulnerable software asset.

15. The system of claim 13, wherein the instructions are further configured to cause the one or more processors to map the descriptor of the vulnerable software asset to the portion of the database of software assets through approximate string matching.

16. The system of claim 13, wherein the database of software assets is maintained in an agentless manner without analyzing runtime software flows on devices associated wi
Test or assess software · CPC title
Machine learning · CPC title
Version control (security arrangements therefor G06F21/57); Configuration management · CPC title
Risk analysis of enterprise or organisation activities · CPC title
Inference or reasoning models · CPC title