Dark Reading

CVSS 4.0 Offers Significantly More Patching Context

The latest version of the Common Vulnerability Scoring System (CVSS version 4.0), released last week, should enable organizations to better assess and manage the risk that a security bug might pose to ...
Hosted on MSN

Cisco scores a perfect CVSS 10 with critical flaw in its wireless system

Cisco is issuing a critical alert notice about a flaw that makes its so-called Ultra-Reliable Wireless Backhaul systems easy to subvert.… The weakness – dubbed CVE-2024-20418 and made public yesterday ...
Hosted on MSN

Vulnerability scores, huh, what are they good for? Almost nothing

Aram Hovespyan, co-founder and CEO of security biz Codific, says that the rating systems for identifying security vulnerabilities and assessing threat risk need to be overhauled.… Having examined the ...
Infosecurity-magazine.com

A Case Against CVSS

The Common Vulnerability Scoring System (CVSS) is a vestigial standard used to determine the severity of a computer vulnerability. Originating from a time when cybersecurity was just establishing ...
heise online

Vulnerability assessment: Open source developer renews criticism of CVSS and CVE

Daniel Stenberg, inventor and main developer of the open source command line tool cURL, has once again criticized the CVE (Common Vulnerabilities and Exposures) ecosystem in a blog post. The focus of ...