Mell, P.
, Kent, K.
and Romanosky, S.
(2006),
Common Vulnerability Scoring System, IEEE Security & Privacy, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=50899
(Accessed April 18, 2024)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Common Vulnerability Scoring System
Published
Author(s)
, Karen Kent Scarfone, Sasha Romanosky
Abstract
Organizations struggle to assess the relative importance of software vulnerabilities across disparate hardware and software platforms. They must prioritize vulnerabilities and remediate those that pose the greatest risk. However, most software vendors and security organizations use their own proprietary methods to assign scores to the impact of vulnerabilities, making it infeasible for organizations to translate scores consistently and make sound business decisions. The Common Vulnerability Scoring System (CVSS) is a public initiative intended to address this issue. It consists of a well-defined set of metrics and simple equations, and there is accompanying documentation to assist analysts in scoring vulnerabilities and to assist organizations in using the scores. However, CVSS must overcome significant technical and policy issues to reduce barriers to entry and become a ubiquitous vulnerability scoring system.Citation
IEEE Security & Privacy
Pub Type
Journals
Download Paper
Keywords
Common Vulnerability Scoring System (CVSS), FISMA, National Vulnerability Database, vulnerability
Citation
Created December 29, 2006, Updated June 2, 2021