CVSS, the Common Vulnerability Scoring System, is a popular open industry standard for evaluating vulnerabilities to assess their impact.
A bit of history
CVSS 1.0: Released in 2005
- First version of CVSS
- Based on two metric groups:
- Exploitability and Impact
CVSS 2.0: Released in 2007
- Added Temporal and Environmental metric groups
- Made several other changes to improve the accuracy and usefulness of the CVSS score
CVSS 3
- Released in 2015
- Based on three metric groups:
- Base: Exploitability, Impact, and Scope
- Temporal: Exploit code maturity, Remediation level, and Report confidence
- Environmental: attacker prerequisites, user interaction, and availability requirements
CVSS 3
- Each metric is assigned a score from 0 to 10, with 10 being the most severe
- The overall CVSS score is calculated using a formula that takes into account all of the metric scores
Views: 12
