Issue No. 06 - November/December (2006 vol. 4)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2006.145
Peter Mell , US National Institute of Standards and Technology
Karen Scarfone , US National Institute of Standards and Technology
Sasha Romanosky , Carnegie Mellon University
Vendors have historically used proprietary methods for scoring software vulnerabilities, usually without detailing their criteria or processes. The Common Vulnerability Scoring System (CVSS) is a public initiative designed to address this issue by presenting a framework for consistently and accurately assessing and quantifying software vulnerabilities' impact on organizations.
vulnerability assessment, Common Vulnerabilities and Exposures, CVE, National Vulnerability Database, NVD
P. Mell, S. Romanosky and K. Scarfone, "Common Vulnerability Scoring System," in IEEE Security & Privacy, vol. 4, no. , pp. 85-89, 2006.