
How to get CVSS right

Discussion in 'CSO' started by RSS, Apr 15, 2015.

  1. RSS (New Member)

    For anyone dealing with software vulnerabilities, the CVE and CVSS are often their first stops in finding out the scope and details, and just about everything else they need to know about the specific vulnerability.

    Launched in 2007, the Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities. Currently in version 2, with an update in version 3 in development, CVSS attempts to establish a measure of how much concern a vulnerability warrants, compared to other vulnerabilities, so efforts can be prioritized. The scores are based on a series of measurements, called metrics. The scores range from 0 to 10. High vulnerabilities are those with a base score in the range 7.0-10.0, medium in 4.0-6.9 and 0-3.9 are low.
