TLDR
Common Vulnerability Scoring System (CVSS) was devised in 2004 by the National Infrastructure Advisory Council (NIAC) The CVSS score is a way to assess the severity of a vulnerability. It consists of a base score assigned to a vulnerability, followed by the temporal and environmental scores. CVSS 3.1 standard, maintained by FIRST (Forum of Incident Response and Security Teams) explicitly clarifies “CVSS measures severity, not risk” The new version also accounts for concepts such as “vulnerability chaining”via the TL;DR App
no story
Written by ax | Security Researcher, Engineer, Tech Columnist | https://hey.ax/