For many IT experts, the second Tuesday of every month signifies a busy day or the start of a busy few days. However, should that be the case? Patch Tuesday, as it’s known, is when many big technology vendors release software updates that address the security defects that have been discovered in the previous weeks.

Besides death and taxes, there seems to be one more thing we can rely on as certain—software vulnerabilities.

An Overview of CVSS Score

The Common Vulnerability Scoring System (CVSS) is the industry standard for scoring the severity of a vulnerability. In this article, we will take a closer look at this score. 

The Common Vulnerability Scoring System (CVSS) offers a way for companies to assess the fundamental features of a vulnerability and produce a numerical score showcasing its severity. The CVSS has proven to be beneficial to assess vulnerabilities and to standardize security policies. But, it has also shown some inadequacies in addressing the needs of users outside of traditional IT environments. 

Common Vulnerability Scoring System (SVSS) version 3.0 framework was the last one that was published by the organization responsible for creating it. It was created by the Forum of Incident Response and Security Teams (FIRST). 

Common Vulnerability Scoring System (CVSS) allows companies to make use of a common language when dealing with vulnerability threats. Since it was created in 2003, CVSS has been widely implemented by many companies. 

"The day when Microsoft releases updates for their software to improve security."

What is...Patch Tuesday

Vulnerability is a weakness in software, hardware, procedures or personnel. But, not all vulnerabilities are the same. Some vulnerability has system administrators scrambling to deploy a patch, while some are not worth fixing.