CVSS

from Wikipedia, the free encyclopedia

The Common Vulnerability Scoring System, abbreviated CVSS, is an industry standard for assessing the severity of possible or actual security vulnerabilities in computer systems. In CVSS, vulnerabilities are assessed and compared according to various criteria, so-called metrics, so that a priority list for countermeasures can be drawn up. CVSS is not itself a system for warning of vulnerabilities, but a standard for making various description and measurement systems compatible with one another and generally understandable. However, this goal has not been achieved even after multiple revisions of the standard, since identical vulnerabilities are still assessed differently by different actors.

CVSS was commissioned in 2005 by the National Infrastructure Advisory Council (NIAC), a working group of the US Department of Homeland Security, and is currently overseen by the Forum of Incident Response and Security Teams. The current chair of the CVSS-SIG team is David Ahmad from Symantec. The following are involved in the development of CVSS: CERT, Cisco, DHS/MITRE, eBay, IBM, Microsoft, Qualys, Symantec. CVSS is also supported by HP, McAfee, Oracle, and Skype. In June 2007 the second version of the scoring system was published. With CVSSv3.0, the system was relaunched in June 2015; in addition to various revisions to the metrics, it introduced keywords for the severity levels (none / low / medium / high / critical) as well as recommended actions and sample reports linked to them.
