0 citations0 references

Common Vulnerability Scoring System

IEEE Security & Privacy2006Vol. 4(6), pp. 85–89

Citations Over TimeTop 1% of 2006 papers

Peter Mell, Karen Scarfone, Sasha Romanosky

Abstract

Historically, vendors have used their own methods for scoring software vulnerabilities, usually without detailing their criteria or processes. This creates a major problem for users, particularly those who manage disparate IT systems and applications. The Common Vulnerability Scoring System (CVSS) is a public initiative designed to address this issue by presenting a framework for assessing and quantifying the impact of software vulnerabilities. Organizations currently generating CVSS scores include Cisco, US National Institute of Standards and Technology (through the US National Vulnerability Database; NVD), Qualys, Oracle, and Tenable Network Security. CVSS offers the following benefits: 1) standardized vulnerability scores, 2) contextual scoring and 3) open framework. The goal is for CVSS to facilitate the generation of consistent scores that accurately represent the impact of vulnerabilities

Related Papers

→ A Quantitative Assessment of the Detection Performance of Web Vulnerability Scanners(2022)4 cited
→ A contemporary approach to network vulnerability assessment(2005)2 cited
Research of Buffer Overflow Vulnerability Discovering Analysis and Exploiting(2013)
→ Vulnerability management and vulnerability assessment as a means of cybersecurity(2020)