CVSS version 2 released
If you are involved in vulnerability management you are probably aware that back in 2005 the Common Vulnerability Scoring System (CVSS) came out to replace a hodge podge of vulnerability severity scoring systems. This was a big improvement over the minor-major-critical scale that was used before. Now according to this article on Security Focus, the Forum of Incident Response and Security Teams (FIRST) have come out with their long in progress version 2 of the CVSS. You can read the full history and definitions here.
I see no reason why version 2 of the CVSS will not be as widely adopted as the first, so you should familiarize yourself with the changes in the new version sooner than later. The National Vulnerability Database which has already assigned CVSS rankings to over 25k vulnerabilities has stepped up and lent its support to version 2 by the way.



Comments