Too Long; Didn't Read
Common Vulnerability Scoring System (CVSS) was devised in 2004 by the National Infrastructure Advisory Council (NIAC) The CVSS score is a way to assess the severity of a vulnerability. It consists of a base score assigned to a vulnerability, followed by the temporal and environmental scores. CVSS 3.1 standard, maintained by FIRST (Forum of Incident Response and Security Teams) explicitly clarifies “CVSS measures severity, not risk” The new version also accounts for concepts such as “vulnerability chaining”
Share Your Thoughts