LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What is CVSS and what are its benefits?

The Common Vulnerability Scoring System — an open standard that turns a vulnerability's traits into a 0-10 severity score everyone can compare.

CVSS hub fanning to Base (intrinsic), Temporal (changes over time), Environmental (deployment-specific).

* CVSS builds its 0-10 score from three metric groups — Base, Temporal, Environmental. *

CVSS = Common Vulnerability Scoring System

A way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity, plus a textual representation.

Three benefits of CVSS:

  1. Standardized vulnerability scores - consistent across organizations
  2. Open framework - publicly available, transparent methodology
  3. Enables prioritized risk - helps decide what to fix first

CVSS severity scale:

Score Severity Action
9.0 - 10.0 Critical Fix immediately
7.0 - 8.9 High Fix within days
4.0 - 6.9 Medium Fix within weeks
0.1 - 3.9 Low Fix when convenient

Usage: CVSS scores appear in CVE databases (NVD) and security advisories. When assessing a vulnerability, always check NVD for its CVSS score.

See: CVSS Calculator (FIRST.org) | NVD (National Vulnerability Database)

Go deeper:

From Quiz: SPRG / Mitigation and Risk Analysis | Updated: Jul 14, 2026