What is Common Vulnerability Scoring System (CVSS)?

Definition: The Common Vulnerability Scoring System (CVSS) is an open framework used worldwide for rating the severity of security vulnerabilities in software. Developed to provide a standardized method of describing the severity of computer system security vulnerabilities, CVSS scores assist in prioritizing the patching of software vulnerabilities. 

Scoring System Overview: 

  • Base Score: Evaluates the intrinsic qualities of a vulnerability that are constant over time and across user environments. 
  • Temporal Score: Reflects factors that change over time, such as the availability of exploits. 
  • Environmental Score: Considers the specific impact of the vulnerability on an individual organization, tailoring the Base and Temporal scores to a particular environment. 

CVSS Score Range: 

Scores range from 0 to 10, with higher values indicating a greater level of severity. For instance: 

  • 0-3.9: Low severity 
  • 4.0-6.9: Medium severity 
  • 7.0-8.9: High severity 
  • 9.0-10: Critical severity 

Importance of CVSS: 

  • Prioritization of Vulnerabilities: Helps organizations prioritize the patching of vulnerabilities based on the severity of the risk they pose. 
  • Standardized Risk Assessment: Offers a common language and standard for discussing the properties and impacts of IT vulnerabilities. 
  • Resource Allocation: Assists in making informed decisions about resource allocation for vulnerability mitigation. 

Limitations: 

  • Not a Holistic Measure: CVSS scores should not be the sole factor in determining the risk of a vulnerability, as they do not account for all aspects of risk. 
  • Dynamic Nature of Threats: The threat landscape is always evolving, and so the relevance of a CVSS score may change over time. 

The Common Vulnerability Scoring System is a crucial tool in the field of cybersecurity, offering a universal, standardized way of assessing and communicating the severity of security vulnerabilities. While invaluable for prioritizing response efforts, CVSS scores are best used as part of a broader, comprehensive risk management strategy. 

Get your security controls assessment now


Recommended Articles

Subscribe to our BLOG

Get the latest security insights, news and articles delivered to your inbox.

Product

Product Overview

Maximize security posture while ensuring business uptime

Odin

AI-Powered Contextual Cybersearch

Automated Security Controls Assessment

Validate your security control

Integrations

Connect Veriti with your security solutions

Use Cases

Agentless OS-Level Remediation

Proactively safeguard your systems directly at the OS-Level on the endpoint

Vulnerability Remediation

Safely remediate vulnerabilities in one click

Validate Risk Posture

Identify postural gaps by querying your security configuration

Eliminate False Positives

Reduce alert fatigue. Increase Security Effectiveness

Maintain Security Hygiene

Monitor the hygiene of your security solutions

Enhance zero-day Protection

Identify and distribute zero-day indicators of attack

Solutions

VERITI FOR Enterprises

increase business outcomes

VERITI FOR MSSPs

Efficiently manage multiple clients in a consolidated platform

VERITI FOR HEALTHCARE

Neutralize security gaps without impacting healthcare operations

VERITI FOR MANUFACTURING

Protect the heart of your production processes

State of Enterprise Security Controls

DOWNLOAD Report >>

Resources

See all resources

Blog

Veriti's security blog

Downloads

The latest guides, white papers and infographics

Events

Live event and on-demand webinars

Glossary

Our Comprehensive Definitions Guide

MASTERING MODERN OS-LEVEL SECURITY: THE AGENTLESS APPROACH

WATCH NOW>>

Our Story

Learn about Veriti

Leadership Team

Meet the team

Careers

Work with us

Newsroom

Our latest updates

Contact US

Get in touch

CHANNEL PARTNERS

Become a partner

MSSPs

Reduce operational costs