Towards Improving CVSS
December 2018 • White Paper
This paper outlines challenges with the Common Vulnerability Scoring System (CVSS).
Software Engineering Institute
In this paper, the authors outline challenges with the Common Vulnerability Scoring System (CVSS) published standard and propose changes to improve it. This paper focuses on common misconceptions and misuses of CVSS. For an alternative system of vulnerability prioritization, see Prioritizing Vulnerability Response: A Stakeholder-Specific Vulnerability Categorization.