Issue No.06 - November/December (2006 vol.4)
Peter Mell , US National Institute of Standards and Technology
Karen Scarfone , US National Institute of Standards and Technology
Sasha Romanosky , Carnegie Mellon University
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2006.145
Vendors have historically used proprietary methods for scoring software vulnerabilities, usually without detailing their criteria or processes. The Common Vulnerability Scoring System (CVSS) is a public initiative designed to address this issue by presenting a framework for consistently and accurately assessing and quantifying software vulnerabilities' impact on organizations.
vulnerability assessment, Common Vulnerabilities and Exposures, CVE, National Vulnerability Database, NVD
Peter Mell, Karen Scarfone, Sasha Romanosky, "Common Vulnerability Scoring System", IEEE Security & Privacy, vol.4, no. 6, pp. 85-89, November/December 2006, doi:10.1109/MSP.2006.145