The Common Vulnerability Scoring System (CVSS) Special Interest Group (SIG), in which Cisco is an active participant, acting on behalf of FIRST.org, has published a preview of the upcoming CVSS v3.0 scoring standard. The CVSS v3.0 preview represents a near final version and includes metric and vector strings, formulas, scoring examples and a v3.0 calculator – all available at the CVSS v3.0 development site. The official public comment period is scheduled to end February 28, 2015 and anyone who produces or consumes CVSS scores are encouraged to review and provide feedback to email@example.com by the close of the comment period.
What is CVSS – (the Common Vulnerability Scoring System)? How can it help me manage risk – and why is it an important step forward in security research? In this short video Gavin Reid CVSS Program Chair share’s his perspective on the vulnerability scoring standard