Common Vulnerability Scoring System (SVSS) version 3.0 framework was the last one that was published by the organization responsible for creating it. It was created by the Forum of Incident Response and Security Teams (FIRST). 

Understanding Vulnerability Scoring

Threat actors make use of vulnerabilities for their attacks. By exploiting vulnerabilities, attackers can gain access to devices, networks and systems. Vulnerabilities enable attackers to steal corporate information and sell sensitive information. They can also eavesdrop to confidential communication.   

Common Vulnerability Scoring System (CVSS) allows companies to make use of a common language when dealing with vulnerability threats. Since it was created in 2003, CVSS has been widely implemented by many companies. 

"The day when Microsoft releases updates for their software to improve security."

What is...Patch Tuesday

Sacramento, CA - Beyond Security, a global leader in automated penetration testing and vulnerability scanning, today announced their technology partnership with Vicarius, an Israel-based vulnerability prioritization, and remediation company. This partnership will extend the detection and response capabilities of beSECURE by leveraging Vicarius’ TOPIA 0-day analysis engine, usage-based threat prioritization, and patchless protection for an all-in-one threat mitigation solution.

Vulnerability is a weakness in software, hardware, procedures or personnel. But, not all vulnerabilities are the same. Some vulnerability has system administrators scrambling to deploy a patch, while some are not worth fixing. 

The way we identify, prioritize, and mitigate software vulnerabilities was built in reverse order. Why did it happen? How can we make things different?

The Common Vulnerability Scoring System (CVSS) offers software developers, security and IT experts with a standardized process for evaluating vulnerabilities. CVSS can be used to evaluate the threat level of each vulnerability and then prioritize mitigation accordingly. This article explains the way CVSS works, which includes a review of its components and describes the importance of using a standardized process for evaluating vulnerabilities.