First, it provides standardized vulnerability scores. In short, CVSS affords three important benefits. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes. The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability, and produce a numerical score reflecting its severity, as well as a textual representation of that score. Software, hardware and firmware vulnerabilities pose a critical risk to any organization operating a computer network, and can be difficult to categorize and mitigate. Sasha Romanosky (Carnegie Mellon University)įIRST would also like to thank Jennifer Daily for her creative design efforts, Deloitte & Touche LLP for their statistical assistance, Kacy Hangca (Neustar) for her tireless work facilitating our meetings, and Martin Lee (Cisco) for his analysis of nearly 30,000 CVSS v2.0 vectors assigned by 3 distinct vulnerability databases.įinally, FIRST and the CVSS SIG would like to acknowledge the contributions and leadership of Seth Hanford and Max Heitman, chairs of the CVSS SIG.Masato Terada (Information-Technology Promotion Agency, Japan).Jeffrey Heller (Sandia National Laboratories).Dale Rich (Depository Trust & Clearing Corporation).JSON and XML schema definitions available at įIRST sincerely wishes to recognize the contributions of the following CVSS Special Interest Group (SIG) members, and all those who have provided valuable comments, listed in alphabetical order: Reference implementation of the CVSS v3.0 equations, available at This guide covers the following aspects of the CVSS Calculator: Calculator Use, Changelog, Technical Design and XML Schema Definition. Includes examples of CVSS v3.0 scoring in practice. Includes further discussion of CVSS v3.0, a scoring rubric, and a glossary. Includes metric descriptions, formulas, and vector string. Resources & Linksīelow are useful references to additional CVSS v3.0 documents. Common Vulnerability Scoring System v3.0: Specification DocumentĪlso available in PDF format (316KiB).
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |