(also Common Vulnerability Scoring System)
CVSS, or Common Vulnerability Scoring System, is an industry-standard framework that calculates a numerical score for a specific vulnerability based on its characteristics and properties. The numerical score can then be expressed as a qualitative rating (low, medium, high, or critical) to help assess and prioritize vulnerability management processes.
In development since 2005, it is a well-crafted standard measurement framework for individuals, organizations, industries, or governments that need accurate and consistent vulnerability results.
Why is CVSS beneficial?
- The system provides a consistent measurement of vulnerability scores. In the past, companies and organizations used their own methods to calculate a software vulnerability score. This led to the need for a standardized, simpler scheme that allows system administrators to accurately determine the impact and severity of vulnerabilities in different IT environments.
- An open framework allows organizations to access the parameters used to calculate the vulnerability indicator and understand how the measurement works. Familiarity with the system helps security teams assess the impact of vulnerabilities and decide which vulnerabilities to fix first.
- CVSS leads to a better understanding of the organization’s vulnerability risks. It allows system developers to apply security tests during development to eliminate or mitigate known vulnerabilities.