« The Clintons do the Sopranos | Main | Tim Greene finds out - when it comes to NAC - who is the boss »

June 20, 2007

CVSS version 2 released

If you are involved in vulnerability management you are probably aware that back in 2005 the Common Vulnerability Scoring System (CVSS) came out to replace a hodge podge of vulnerability severity scoring systems.  This was a big improvement over the minor-major-critical scale that was used before. Now according to this article on Security Focus, the Forum of Incident Response and Security Teams (FIRST) have come out with their long in progress version 2 of the CVSS.  You can read the full history and definitions here.

I see no reason why version 2 of the CVSS will not be as widely adopted as the first, so you should familiarize yourself with the changes in the new version sooner than later.  The National Vulnerability Database which has already assigned CVSS rankings to over 25k vulnerabilities has stepped up and lent its support to version 2 by the way.

Posted at 09:03 PM in vulnerability management |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83451e4d369e200e0098406958833

Listed below are links to weblogs that reference CVSS version 2 released:

» CVSS v2 Official from .:Computer Defense:.
Anyone whos worked with CVSS knows that it has some serious flaws Today we can change that statement to had some serious flaws, at least until we find problems with CVSS v2 which was announced today (via SSAATY). The incorporated changes ... [Read More]

Tracked on Jun 21, 2007 12:03:15 AM

Comments

My Photo

Subscribe to my blog

Enter your email address:

Delivered by FeedBurner

Lijit Search

Blog Networks

Creative Commons License
This work is licensed under a Creative Commons Attribution-Share Alike 2.5 License.

Search

Lijit Search

Attend a Computer Forensics Boot Camp to better your skills and become a better worker

Categories

Track my blog stats

Blog powered by TypePad
Member since 10/2005

About