At SecureSphere, we have been asked what CVSS is and what the score of 0 – 10 means.<\/p>\n\n\n\n
So, we thought this might help answer some of those questions.<\/p>\n\n\n\n
CVSS stands for the Common Vulnerability Scoring System. It’s a way to evaluate and rank reported vulnerabilities in a standardized and repeatable way. The goal of CVSS is to help compare vulnerabilities in different applications \u2013 and from different vendors – in a standardized, repeatable, vendor agnostic approach.<\/p>\n\n\n\n
The SANS Institute has a very good write up on how the CVSS system works. See: https:\/\/www.sans.org\/blog\/what-is-cvss\/<\/p>\n\n\n\n
To make a long story \/ article short, basically the CVSS system scores a vulnerability from 0 – 10 using the following levels:
0 – None
0.1 to 3.9 – Low
4.0 to 6.9 – Medium
7.0 to 8.9 – High
9.0 to 10.0 – Critical<\/p>\n\n\n\n
The following is taken into account to generate the score:<\/p>\n\n\n\n
While CVSS is an important tool for determining which vulnerabilities to remediate first, it’s only one piece of a much larger vulnerability management puzzle. Organizations should use multiple sources of information to assess and prioritize vulnerabilities, not just CVSS scores.<\/p>\n\n\n\n
By using the CVSS score in conjunction with other information, you can make better informed decisions about which vulnerabilities to address and in what order.<\/p>\n\n\n\n
Thanks to the SANS Institute for the well written article the above has been taken from.<\/p>\n","protected":false},"excerpt":{"rendered":"
At SecureSphere, we have been asked what CVSS is and what the score of 0 – 10 means. So, we thought this might help answer<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[27,18],"tags":[16,17,26],"class_list":["post-160","post","type-post","status-publish","format-standard","hentry","category-cyber-vulnerability-awareness","category-cybersecurity-awareness","tag-cybersecurity","tag-cybersecurityawareness","tag-cybervulnerabilityawareness"],"_links":{"self":[{"href":"https:\/\/securesphere.co.nz\/index.php\/wp-json\/wp\/v2\/posts\/160","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/securesphere.co.nz\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/securesphere.co.nz\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/securesphere.co.nz\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/securesphere.co.nz\/index.php\/wp-json\/wp\/v2\/comments?post=160"}],"version-history":[{"count":1,"href":"https:\/\/securesphere.co.nz\/index.php\/wp-json\/wp\/v2\/posts\/160\/revisions"}],"predecessor-version":[{"id":161,"href":"https:\/\/securesphere.co.nz\/index.php\/wp-json\/wp\/v2\/posts\/160\/revisions\/161"}],"wp:attachment":[{"href":"https:\/\/securesphere.co.nz\/index.php\/wp-json\/wp\/v2\/media?parent=160"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/securesphere.co.nz\/index.php\/wp-json\/wp\/v2\/categories?post=160"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/securesphere.co.nz\/index.php\/wp-json\/wp\/v2\/tags?post=160"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}