CSOonline

Will CVSS 4.0 be a vulnerability-scoring breakthrough or is it broken?

The soon-to-be-released scoring system update has promise, but challenges remain for it to deliver exactly what CISOs need to get ahead of the latest vulnerabilities. Anyone in cybersecurity who has ...
Bleeping Computer

New CVSS 4.0 vulnerability severity rating standard released

The Forum of Incident Response and Security Teams (FIRST) has officially released CVSS v4.0, the next generation of its Common Vulnerability Scoring System standard, eight years after CVSS v3.0, the ...
Dark Reading

Why Do We Need Real-World Context to Prioritize CVEs?

Question: The CVSS severity rating seems to lack real-world context. How can a company prioritize fixes in such a situation? Shachar Menashe, Senior Director, JFrog Security Research: Security teams ...
Dark Reading

Discrepancies Discovered in Vulnerability Severity Ratings

A new study this week is sure to raise more questions for enterprise security teams on the wisdom of relying on vulnerability scores in the National Vulnerability Database (NVD) alone to make patch ...
Security

Tenable announces enhancements for Nessus risk prioritization

Tenable today announced new risk prioritization and compliance features for Tenable Nessus. Nessus supports new and updated vulnerability scoring systems – Exploit Prediction Scoring System (EPSS) and ...
heise online

Vulnerability assessment: Open source developer renews criticism of CVSS and CVE

Daniel Stenberg, inventor and main developer of the open source command line tool cURL, has once again criticized the CVE (Common Vulnerabilities and Exposures) ecosystem in a blog post. The focus of ...
CSOonline

EPSS explained: How does it compare to CVSS?

The Exploit Prediction Scoring System has its shortcomings, but it can complement CVSS to help better prioritize and assess vulnerability risk. The Common Vulnerability Scanning System (CVSS) is the ...