Common Vulnerability Scoring System News

FIRST has officially published the latest version of the Common Vulnerability Scoring System (CVSS v4.0)

Wed, 01 Nov 2023 17:00:00 +0000

In June 2023, attendees at the 35th Annual FIRST Conference, in Montréal, Canada got a first-look preview of the new version of the Common Vulnerability Scoring System (CVSS), version 4.0. After two month of public comment followed by two months of addressing those comments, FIRST is proud to announce the official publication of CVSS version 4.0.

Understanding CVSS v3.1

Thu, 14 Nov 2019 00:00:00 +0000

Article on CVSS v3.1 on Security Boulevard, a syndicated blog post from WhiteSource. The article explains the changes made in CVSS v3.1, their importance, and how this scoring should figure in when looking at security vulnerabilities.

CVSS update addresses vulnerabilities in critical infrastructure sectors

Thu, 18 Jul 2019 00:00:00 +0000

An updated version of the Common Vulnerability Scoring System (CVSS) has been introduced, complete with new functionality to make it easier for security professionals to measure threats faced by critical infrastructure sectors, among other improvements.

FIRST publishes updated Common Vulnerability Scoring System for worldwide security teams

Fri, 12 Jul 2019 13:00:00 +0000

July 12th, 2019 - The Forum of Incident Response and Security Teams (FIRST) has published an update of its internationally recognized Common Vulnerability Scoring System (CVSS). CVSS is a common scoring system designed to provide open and universally standard severity ratings of software vulnerabilities for the security community. Used by organizations worldwide, version 3.1 documentation is now available on the FIRST website for members and non-members to reference.

FIRST Announces CVSS Version 3.1

Fri, 12 Jul 2019 00:00:00 +0000

The Forum of Incident Response and Security Teams (FIRST) on Friday announced version 3.1 of the Common Vulnerability Scoring System (CVSS). CVSS is a widely adopted standard for rating the severity of software vulnerabilities, and it provides a framework for communicating the characteristics and impact of security flaws.

Scoring Cisco Security Vulnerabilities with CVSSv3

Thu, 19 Jan 2017 00:00:00 +0000

Cisco Blogs – Omar Santos of Cisco describes the value of using CVSSv3 to score security advisories that address security vulnerabilities in Cisco software

CVSS-SIG successful working meeting during the 20th annual FIRST conference

Mon, 07 Jul 2008 18:43:00 +0000

The Common Vulnerability Scoring System Special Interest Group (CVSS- SIG) had a very busy and successful working meeting during the 20th annual FIRST conference in Vancouver. We covered many of the CVSS use cases post v2 deployment - namely PCI and S-CAP - thanks for all the great participation.

FIRST CVSS-SIG meeting, Vancouver 2008

Fri, 20 Jun 2008 20:17:00 +0000

The Common Vulnerability Scoring System Special Interest Group (CVSS-SIG) has scheduled a working meeting during the 20th annual FIRST conference in Vancouver (June 22-27,2008). This meeting will take place on Monday, June 23rd 08:30-10:30 PST

New Scoring System Protects Credit Card Transactions

Sun, 11 Nov 2007 13:34:00 +0000

ScienceDaily — As this year's holiday season approaches, your credit card transactions may be a little more secure thanks to standards adopted by the payment card industry. The latest incarnation of these standards include the Common Vulnerability Scoring System (CVSS) Version 2 that was coauthored this year by researchers at the National Institute of Standards and Technology and Carnegie Mellon University in collaboration with 23 other organizations

The Common Vulnerability Scoring System (CVSS) and Its Applicability to Federal Agency Systems

Fri, 31 Aug 2007 16:41:00 +0000

NIST IR 7435 is published as final. CVSS provides an open framework for communicating the characteristics and impacts of IT vulnerabilities.

CVSS Version 2 Scoring with Nessus and the Passive Vulnerability Scanner

Thu, 19 Jul 2007 15:22:00 +0000

On Wednesday, August 15th, 2007, Tenable Network Security will begin converting CVSS base scores for Nessus and the Passive Vulnerability Scanner (PVS) plugins from version 1 to version 2. This blog entry discusses how some of the plugin severity...

CVSS Version 2 Scoring with Nessus and the Passive Vulnerability Scanner

Thu, 19 Jul 2007 15:22:00 +0000

A revised vulnerability rating system gains steam

Mon, 09 Jul 2007 21:00:00 +0000

A standardized system to rank computer system vulnerabilities has been revised to help IT managers make better decisions more quickly about potential threats [SearchWinIt.com]

A revised vulnerability rating system gains steam

Mon, 09 Jul 2007 21:00:00 +0000

A standardized system to rank computer system vulnerabilities has been revised to help IT managers make better decisions more quickly about potential threats [SearchWinIt.com]

New tool for testing application security

Tue, 26 Jun 2007 17:00:00 +0000

Standards-based system to rate vulnerabilities [Computerworld]

New tool for testing application security

Tue, 26 Jun 2007 17:00:00 +0000

Standards-based system to rate vulnerabilities [Computerworld]

NIST releases FISMA security control tools

Thu, 21 Jun 2007 05:24:00 +0000

The National Institute of Standards and Technology has released a suite of tools to help automate vulnerability management and evaluate compliance with federal IT security requirements.

NIST releases FISMA security control tools

Thu, 21 Jun 2007 05:24:00 +0000

The National Institute of Standards and Technology has released a suite of tools to help automate vulnerability management and evaluate compliance with federal IT security requirements.

National Vulnerability Database Version 2.0 - NVD Now Supports CVSS Version 2.0 (June 20, 2007)!!

Wed, 20 Jun 2007 22:00:00 +0000

NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance.

National Vulnerability Database Version 2.0 - NVD Now Supports CVSS Version 2.0 (June 20, 2007)!!

Wed, 20 Jun 2007 22:00:00 +0000

Flaw grading system graduates to next version

Wed, 20 Jun 2007 20:00:00 +0000

The Forum of Incident Response and Security Teams (FIRST) announced on Wednesday a revised version of the Common Vulnerability Scoring System (CVSS), which modifies the ranking system's recipe for judging the severity of software flaws.

Flaw grading system graduates to next version

Wed, 20 Jun 2007 20:00:00 +0000

New version of Common Vulnerability Scoring System released

Wed, 20 Jun 2007 02:00:00 +0000

Seville Spain – June 20, 2007: Millions of computer users worldwide will enjoy more secure virtual experiences and transactions with the advent today of CVSSv2 – the latest version of the Common Vulnerability Scoring System.

Magic Numbers or Snake Oil? The Common Vulnerability Scoring System

Wed, 30 May 2007 15:15:00 +0000

Can a single number sum up the full significance of a security vulnerability? The CVSS attempts to prove that it can, but it has its weak points.

Magic Numbers or Snake Oil? The Common Vulnerability Scoring System

Wed, 30 May 2007 15:15:00 +0000

Can a single number sum up the full significance of a security vulnerability? The CVSS attempts to prove that it can, but it has its weak points.

CVSS Scores and Calculators

Fri, 01 Dec 2006 14:25:00 +0000

Several sites provide easy ways to get CVSS scores. The major ones are listed on the SIG website.

FIRST Urges Wide-Scale Adoption of New Common Vulnerability Scoring System (CVSS)

Tue, 20 Sep 2005 00:53:00 +0000

The Forum of Incident Response and Security Teams (FIRST) a not-for-profit network of computer security incident response teams representing government, law enforcement, ...

FIRST Selected to Lead Scoring Standard for Security Vulnerabilities Scoring System

Wed, 11 May 2005 06:05:00 +0000

The biggest challenge facing any new standard is the universal adoption of the standard. In order to address the inconsistency of scoring metrics for vulnerabilities...

Call to Arms for Corporate Chiefs to Attend "Critical" Cyber Conference

Wed, 27 Apr 2005 19:18:00 +0000

Corporate executives from around the world were today being urged to attend a special conference on risk, to be staged this June in Singapore by FIRST, the world's premier force...