The Forum of Incident Response and Security Teams (FIRST) has today announced the availability of version 3 of the Common Vulnerability Scoring System (CVSS).
The new system is the latest update of the universal open and standardized method for rating IT vulnerabilities and determining the urgency of response.
Version 3 of CVSS has been under development for three years, with work initiated at the FIRST Conference in Malta in June 2012.
You can find the CVSS 3 calculator here.
The updated version includes enhancements such as: the promotion of consistency in scoring, the replacement of Scoring Tips in order to more clearly guide end users of CVSS, and consideration of the system in order to make it more applicable to modern concerns.
Seth Hanford, co-chair of the FIRST CVSSv3 working group said :
We hope that CVSS version 3 is clear, consistent and repeatable, and able to support the work of those who seek to understand, describe, compare, or evaluate IT vulnerabilities via a common scoring system
“Our aim has been to provide a system that is flexible enough to handle both the challenges that have emerged in vulnerability scoring in recent years, as well as those that we will see in the years to come.”
