NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

CVSS-SIG Version 2 History

Published

Author(s)

Peter M. Mell, Karen A. Scarfone, Gavin Reid

Abstract

This document attempts to interpret the history and rationale behind changes made in the Common Vulnerability Scoring System (CVSS) from version 1 to version 2 (referred to as CVSS v1 and v2 in this document.) This document contains multiple appendices that provide a historic record of the stages and subsequent rationale that led to the developed standard; however, it is not intended as a CVSS user guide. For detailed how-to information, please see the complete CVSS Guide.
Citation
FIRST
Pub Weblink
http://www.first.org/cvss/history.html
Pub Type
Websites

Download Paper

Local Download

Keywords

Security metrics, vulnerabilities, vulnerability scoring
Cybersecurity and privacy

Citation

Mell, P. , Scarfone, K. and Reid, G. (2007), CVSS-SIG Version 2 History, FIRST, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=51199, http://www.first.org/cvss/history.html (Accessed October 8, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created July 30, 2007, Updated February 19, 2017
Was this page helpful?