CVSS is short for Common Vulnerability Scoring System and is according to Wikipedia a technical standard for assessing the severity of vulnerabilities in computing systems. Typically you use an online CVSS calculator, click a few checkboxes and radio buttons and then you magically get a number from 0 to 10. There are also different versions … Continue reading CVSS is dead to us →
Daniel Stenberg says the scores are “security misinformation”.
Maybe they should have a combo number would get us closer. But, still, the actual governing body must be completely impartial and logical in their rating. But also, we have to make a reality check on the priority of the rating in our own environments. Using your example, a 10 rating might be a 1 for that airgapped machine—judgement call.
Maybe they should have a combo number would get us closer. But, still, the actual governing body must be completely impartial and logical in their rating. But also, we have to make a reality check on the priority of the rating in our own environments. Using your example, a 10 rating might be a 1 for that airgapped machine—judgement call.