Introduction to CVSS

Read the CVSS FAQ ! Or consult the Complete Guide to The Common Vulnerability Scoring System.

The Common Vulnerability Scoring System, a NIAC research project, was recently unveiled and the completed report posted on The Department of Homelands Securitys web site on 23 February 2005. This rating system is designed to provide open and universally standard severity ratings of software vulnerabilities.

It is the intention of NIAC to create a global framework for disclosing information about security vulnerabilities. For CVSS to be recognized and generally accepted will require not only support from major players in the Information Technology Industry, but also international coordination and communication to ensure successful implementation, education and on-going development of the scoring system. There is a critical need to help organizations appropriately prioritize security vulnerabilities across their constituency. The lack of a common scoring system has security teams worldwide solving the same problems with little or no coordination.