Common Systems for Assessing and Rating Security Vulnerabilities
I. Common Vulnerability Scoring System (CVSS)

CVSS is a framework for assessing and rating the severity of security vulnerabilities. It provides a standardized method for measuring the impact and exploitability of vulnerabilities, enabling organizations to prioritize their response and allocate resources accordingly. The framework assigns a numerical score from 0 to 10, with 10 indicating the most severe vulnerability. CVSS consists of three metric groups:

1. Base Metrics: These metrics evaluate the intrinsic qualities of a vulnerability, such as the attack vector, complexity, and impact on the system. The base score reflects the fundamental characteristics of the vulnerability.

2. Temporal Metrics: These metrics capture the aspects of a vulnerability that may change over time, such as the availability of exploit code, the remediation level, and the urgency of applying patches. The temporal score reflects the current state of the vulnerability.

3. Environmental Metrics: These metrics allow ...