all InfoSec news
Inconsistencies in the Common Vulnerability Scoring System (CVSS)
Schneier on Security www.schneier.com
Interesting research:
Shedding Light on CVSS Scoring Inconsistencies: A User-Centric Study on Evaluating Widespread Security Vulnerabilities
Abstract: The Common Vulnerability Scoring System (CVSS) is a popular method for evaluating the severity of vulnerabilities in vulnerability management. In the evaluation process, a numeric score between 0 and 10 is calculated, 10 being the most severe (critical) value. The goal of CVSS is to provide comparable scores across different evaluators. However, previous works indicate that CVSS might not reach this goal: …
academic papers common vulnerability scoring system cvss evaluation management popular process research score scoring security severity study system vulnerabilities vulnerability vulnerability management