Week 2 - Common Vulnerability Scoring System (CVSS)

 

Hi everyone!

Today I wanted to talk about CVSS and the benefits of adopting this into vulnerability management. CVSS is a public framework for assessing the severity of vulnerabilities in software. Each vulnerability is reviewed and scored between 0-10, with 10 being the highest risk. Using group metrics such as base (exploitability and impact), exploitability metrics (characteristic) of the piece of software), and temporal metrics (worst-case scenario). When conducting vulnerability scans, having a platform such as CVSS to identify the severity and impact of vulnerabilities helps with prioritization, especially with limited resources to remediate.

Thanks for reading, and I hope to you see you next time. Have a great day!