Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVSS-SIG Version 2 History



Peter M. Mell, Karen A. Scarfone, Gavin Reid


This document attempts to interpret the history and rationale behind changes made in the Common Vulnerability Scoring System (CVSS) from version 1 to version 2 (referred to as CVSS v1 and v2 in this document.) This document contains multiple appendices that provide a historic record of the stages and subsequent rationale that led to the developed standard; however, it is not intended as a CVSS user guide. For detailed how-to information, please see the complete CVSS Guide.


Security metrics, vulnerabilities, vulnerability scoring


Mell, P. , Scarfone, K. and Reid, G. (2007), CVSS-SIG Version 2 History, FIRST, [online],, (Accessed May 26, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created July 30, 2007, Updated February 19, 2017