Introduction
CVSS, or Common Vulnerability Scoring System, is a standardized framework used to assess and communicate the severity of software vulnerabilities. It provides a numerical score representing the vulnerability’s potential impact, helping security professionals and organizations prioritize their responses to security threats.
The CVSS score is based on various metrics, including the vulnerability’s exploitability, its impact on confidentiality, integrity, and availability, and other factors like mitigating controls. CVSS enables consistent and objective evaluation of vulnerabilities, aiding in effective vulnerability management and response strategies.
CVSS Past Versions and Progress Throughout the Years
CVSS was first owned and managed by FIRST Inc., a US-based non-profit organization whose mission is to help computer security incident response teams worldwide.
This project has evolved through several versions, each introducing improvements and refinements to better assess the severity of vulnerabilities.
Versions of CVSS
CVSS Version 1.0
Introduced in 2005, CVSS 1.0 provided a basic framework for assessing vulnerabilities. It had a limited set of metrics and did not cover all aspects of a vulnerability’s impact or exploitability.
CVSS Version 2.0
Released in 2007, CVSS 2.0 introduced enhancements like a more detailed scoring system, improved metric definitions, and better granularity in scoring, allowing for a more accurate assessment of vulnerabilities.