This resource is no longer available
The Problem with CVSS Scores and What It Means for Vulnerability Management Programs
CVSS scoring was designed to streamline the exchange of vulnerability information between the industry stakeholders. The idea was to assign a severity score from 1 to 10, as a way of objectively measuring of the severity of any given vulnerability.
However, some organizations rely on CVSS scores as their primary tool for prioritizing tasks. In this article, discover why this approach is problematic and how to appropriately supplement CVSS scores to enhance vulnerability remediation.