The Common Vulnerability Scoring System (CVSS) is well known in the world of product security, development and IT. “The Common Vulnerability Scoring System provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity,” per FIRST’s definition.
In layman’s terms, CVSS assigns a common score to a discovered vulnerability so that people can see, at a glance, how technically severe it is, and it gives vendors a starting point for assessing the risk the vulnerability poses to their products.
There are a number of scoring systems used across the industry, but CVSS is one of the most prominent and is used by Red Hat and many other organizations. Red Hat has long served as a contributor to the CVSS Special Interest Group (SIG), which is responsible for creating, updating and supporting the standard. The version of the CVSS standard currently in use is 3.1.
At FIRST.org’s 35th Annual FIRST Conference in early June 2023, it was announced that CVSS version 4.0 is ready for feedback from a wider audience. Major changes from v3.1 to v4.0 include the introduction of additional supplemental metrics, an increased focus on safety’s effect on a vulnerability, and increased clarity and granularity for many of the existing metrics and overall score. Please view FIRST’s announcement page for a complete list of the changes.
On behalf of the CVSS SIG, we invite all of our partners and associates to test out the new calculator, review the specification documents and submit your feedback! The SIG would greatly appreciate hearing from as many CVSS users as possible so the standard can best reflect the needs of the CVSS community.
Resources for the new standard, including a mock calculator and guidance documentation, can be found on FIRST’s official CVSS v4.0 Public Preview information page.
About the author
Austin Kimbrell began working at Red Hat in 2021, but his interest in networking and security dates back to college, where he majored in Computer Science with a concentration in Networking and Security. He has worked as a developer, evaluator and product security engineer since 2014, when he had his first co-op internship, and graduated from University of the Pacific in 2015.