Finding, managing and patching security vulnerabilities on any network, no matter the size, is a tall task.
In the first week of 2024 alone, there were 621 new common IT security vulnerabilities and exposures (CVEs) disclosed worldwide, covering a range of applications, software and hardware that could be on any given network.
Just looking at the raw number of security vulnerabilities that need to be mitigated or patched is going to be overwhelming for any IT team. So, at its most basic level, it’s easy to see why administrators and security researchers are drawn to the appeal of a singular data point that measures how severe a vulnerability is, distilled down to a scale of 0 – 10.
Most casual cybersecurity observers will be familiar with the basic terms like “critical,” “severe” or “moderate” when it comes to measuring how serious a particular vulnerability is – these are usually used in news articles or technical write-ups about a security issue when it becomes public and is based on a vulnerability’s CVSS score.
Now, the way those vulnerabilities are scored is changing, and many organizations are likely to adopt the newly created CVSS 4.0 this year with the hope of providing new context around how, exactly, vulnerabilities can be exploited and what type of risk they present to targets.
CVSS was created and is managed by the Forum of Incident Response and Security Teams (FIRST), a non-profit organization made up of incident response teams from government organizations and private companies.
FIRST describes the CVSS scoring system as “a way to capture the principal characteristics of a vulnerability and produce a nu ..
Support the originator by clicking the read the rest link below.
