The Common Vulnerability Scoring System (CVSS) provides an open framework for communicating the characteristics and impacts of IT vulnerabilities (see https://nvd.nist.gov/vuln-metrics/cvss).
CVSS enables IT managers, vulnerability bulletin providers, security vendors, application vendors, and researchers to all benefit by adopting this common language of scoring IT vulnerabilities.
CVSS consists of three groups: Base, Temporal, and Environmental. Each group produces a numeric score ranging from 0 to 10, and a Vector; a compressed textual representation that reflects the values used to derive the score.
| • | The Base group represents the intrinsic qualities of a vulnerability. |
| • | The Temporal group reflects the characteristics of a vulnerability that changes over time. |
| • | The Environmental group represents the characteristics of a vulnerability that are unique to any user's environment. |
For details on interpreting a CVSS vector, refer to https://www.first.org/cvss/specification-document.
Secunia Advisories include a Secunia derived CVSS score and vector, as well as a link to an implementation of the NIST CVSS calculator so that a user can adjust temporal and environmental metrics for advisories that match your Watch Lists. For more information, see CVSSv3 Score.
The National Vulnerability Database (NVD) CVSS score/vector for each relevant CVE contained in an Advisory is also shown, and is similarly linked to the NIST CVSS calculator.
Software Vulnerability Research Help LibraryMay 2019 |
Copyright Information | Flexera |