What is Common Vulnerability Scoring System (CVSS)?

Definition: The Common Vulnerability Scoring System (CVSS) is an open framework used worldwide for rating the severity of security vulnerabilities in software. Developed to provide a standardized method of describing the severity of computer system security vulnerabilities, CVSS scores assist in prioritizing the patching of software vulnerabilities. 

Scoring System Overview: 

  • Base Score: Evaluates the intrinsic qualities of a vulnerability that are constant over time and across user environments. 
  • Temporal Score: Reflects factors that change over time, such as the availability of exploits. 
  • Environmental Score: Considers the specific impact of the vulnerability on an individual organization, tailoring the Base and Temporal scores to a particular environment. 

CVSS Score Range: 

Scores range from 0 to 10, with higher values indicating a greater level of severity. For instance: 

  • 0-3.9: Low severity 
  • 4.0-6.9: Medium severity 
  • 7.0-8.9: High severity 
  • 9.0-10: Critical severity 

Importance of CVSS: 

  • Prioritization of Vulnerabilities: Helps organizations prioritize the patching of vulnerabilities based on the severity of the risk they pose. 
  • Standardized Risk Assessment: Offers a common language and standard for discussing the properties and impacts of IT vulnerabilities. 
  • Resource Allocation: Assists in making informed decisions about resource allocation for vulnerability mitigation. 

Limitations: 

  • Not a Holistic Measure: CVSS scores should not be the sole factor in determining the risk of a vulnerability, as they do not account for all aspects of risk. 
  • Dynamic Nature of Threats: The threat landscape is always evolving, and so the relevance of a CVSS score may change over time. 

The Common Vulnerability Scoring System is a crucial tool in the field of cybersecurity, offering a universal, standardized way of assessing and communicating the severity of security vulnerabilities. While invaluable for prioritizing response efforts, CVSS scores are best used as part of a broader, comprehensive risk management strategy. 

Get your security controls assessment now


Recommended Articles

Subscribe to our BLOG

Get the latest security insights, news and articles delivered to your inbox.

Product

Product Overview

Maximize security posture while ensuring business uptime

Odin

AI-Powered Contextual Cybersearch

Automated Security Controls Assessment

Validate your security control

Integrations

Connect Veriti with your security solutions

Use Cases

Agentless OS-Level Remediation

Proactively safeguard your systems directly at the OS-Level on the endpoint

Vulnerability Remediation

Safely remediate vulnerabilities in one click

Business Continuity

Reduce alert fatigue. Increase Security Effectiveness

MISCONFIGURATION MANAGEMENT

Proactively neutralize misconfigurations to minimize exposure risks

Mobilizing Threat Remediation

Identify and mobilize threat remediation across the security stack automatically.

GENERATIVE AI SECURITY

Chat with your environment to cut MTTR times drastically

Solutions

Safe Remediation

Ensure remediation actions do not give rise to additional exposures

MITRE ATT&CK®

Quickly respond to live threats with safe and precise remediation

VERITI FOR Enterprises

Increase business outcomes

VERITI FOR MSSPs

Efficiently manage multiple clients in a consolidated platform

VERITI FOR HEALTHCARE

Neutralize security gaps without impacting healthcare operations

VERITI FOR MANUFACTURING

Protect the heart of your production processes

SEC AND THE BUSINESS

A security pro’s guide to exposure assessments and remediation

 

Read Whitepaper >>

Resources

See all resources

Blog

Veriti's security blog

Downloads

The latest guides, white papers and infographics

Events

Live event and on-demand webinars

Glossary

Our Comprehensive Definitions Guide

MASTERING MODERN OS-LEVEL SECURITY: THE AGENTLESS APPROACH

WATCH NOW>>

Our Story

Learn about Veriti

Careers

Work with us

Newsroom

Our latest updates

Contact US

Get in touch

CHANNEL PARTNERS

Become a partner

MSSPs

Reduce operational costs