TLDR

Vendors historically used proprietary vulnerability scoring methods lacking transparency, creating problems for users managing diverse IT systems. CVSS aims to provide a transparent, consistent framework for assessing and quantifying software vulnerability impact. CVSS is a public framework adopted by organizations such as Cisco, NVD, Qualys, Oracle, and Tenable to generate standardized vulnerability scores. CVSS delivers standardized, context‑aware, open vulnerability scores.

Abstract

Historically, vendors have used their own methods for scoring software vulnerabilities, usually without detailing their criteria or processes. This creates a major problem for users, particularly those who manage disparate IT systems and applications. The Common Vulnerability Scoring System (CVSS) is a public initiative designed to address this issue by presenting a framework for assessing and quantifying the impact of software vulnerabilities. Organizations currently generating CVSS scores include Cisco, the US National Institute of Standards and Technology (through the US National Vulnerability Database; NVD), Qualys, Oracle, and Tenable Network Security. CVSS offers the following benefits: 1) standardized vulnerability scores, 2) contextual scoring, and 3) an open framework. The goal is for CVSS to facilitate the generation of consistent scores that accurately represent the impact of vulnerabilities.
