Quiz Entry - updated: 2026.07.14
What is CVSS and what are its benefits?
The Common Vulnerability Scoring System — an open standard that turns a vulnerability's traits into a 0-10 severity score everyone can compare.
* CVSS builds its 0-10 score from three metric groups — Base, Temporal, Environmental. *
CVSS = Common Vulnerability Scoring System
A way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity, plus a textual representation.
Three benefits of CVSS:
- Standardized vulnerability scores - consistent across organizations
- Open framework - publicly available, transparent methodology
- Enables prioritized risk - helps decide what to fix first
CVSS severity scale:
| Score | Severity | Action |
|---|---|---|
| 9.0 - 10.0 | Critical | Fix immediately |
| 7.0 - 8.9 | High | Fix within days |
| 4.0 - 6.9 | Medium | Fix within weeks |
| 0.1 - 3.9 | Low | Fix when convenient |
Usage: CVSS scores appear in CVE databases (NVD) and security advisories. When assessing a vulnerability, always check NVD for its CVSS score.
See: CVSS Calculator (FIRST.org) | NVD (National Vulnerability Database)
Go deeper:
CVSS v3.1 Specification (FIRST.org) — Base/Temporal/Environmental metric groups and score-to-severity mapping.
Common Vulnerability Scoring System (Wikipedia) — the metric-group history and how the severity bands evolved from v2 to v4.