The Common Vulnerability Scoring System (CVSS) offers a way for companies to assess the fundamental features of a vulnerability and produce a numerical score showcasing its severity. The CVSS has proven to be beneficial to assess vulnerabilities and to standardize security policies. But, it has also shown some inadequacies in addressing the needs of users outside of traditional IT environments. 

Common Vulnerability Scoring System (SVSS) version 3.0 framework was the last one that was published by the organization responsible for creating it. It was created by the Forum of Incident Response and Security Teams (FIRST). 

Understanding Vulnerability Scoring

Threat actors make use of vulnerabilities for their attacks. By exploiting vulnerabilities, attackers can gain access to devices, networks and systems. Vulnerabilities enable attackers to steal corporate information and sell sensitive information. They can also eavesdrop to confidential communication.   

Common Vulnerability Scoring System (CVSS) allows companies to make use of a common language when dealing with vulnerability threats. Since it was created in 2003, CVSS has been widely implemented by many companies. 

"The day when Microsoft releases updates for their software to improve security."

What is...Patch Tuesday

Vulnerability is a weakness in software, hardware, procedures or personnel. But, not all vulnerabilities are the same. Some vulnerability has system administrators scrambling to deploy a patch, while some are not worth fixing. 

The way we identify, prioritize, and mitigate software vulnerabilities was built in reverse order. Why did it happen? How can we make things different?

The Common Vulnerability Scoring System (CVSS) offers software developers, security and IT experts with a standardized process for evaluating vulnerabilities. CVSS can be used to evaluate the threat level of each vulnerability and then prioritize mitigation accordingly. This article explains the way CVSS works, which includes a review of its components and describes the importance of using a standardized process for evaluating vulnerabilities.