Issue No. 06 - November/December (2006 vol. 4)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2006.145
Peter Mell , US National Institute of Standards and Technology
Sasha Romanosky , Carnegie Mellon University
Karen Scarfone , US National Institute of Standards and Technology
Vendors have historically used proprietary methods for scoring software vulnerabilities, usually without detailing their criteria or processes. The Common Vulnerability Scoring System (CVSS) is a public initiative designed to address this issue by presenting a framework for consistently and accurately assessing and quantifying software vulnerabilities' impact on organizations.
vulnerability assessment, Common Vulnerabilities and Exposures, CVE, National Vulnerability Database, NVD
Peter Mell, Sasha Romanosky, Karen Scarfone, "Common Vulnerability Scoring System", IEEE Security & Privacy, vol. 4, no. , pp. 85-89, November/December 2006, doi:10.1109/MSP.2006.145