Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/abeusher/sharp-ideas.net/ideas/wp-includes/formatting.php on line 82
NIAC* and the Forum of Incident Response and Security Teams (FIRST) recently release information on a Common Vulnerability and Scoring System (CVSS). CVSS is “is a vendor agnostic, industry open standard designed to convey vulnerability severity and help determine urgency and priority of response. It solves the problem of multiple, incompatible scoring systems and is usable and understandable by anyone.” CVSS consists of three categories of measurement: base metrics which describe qualities intrinsict to any vulnerability, temporal metrics which measure the characteristics of a vulnerability over its lifetime, and environmental metrics which describe characteristics of a vulnerability which are tied to a specific implementation in a specific user’s environment.
Personally I think the CVSS is a bold step forward (beyond all of the FUD and hype that surrounds security information).
If you want more detail, feel free to check out the final report describing the CVSS.
*The National Infrastructure Advisory Council (NIAC) is an element of the Department of Homeland Security that advises the President on issues related to the security of information systems for public and private institutions.