FIRST Selected to Lead Scoring Standard for Security Vulnerabilities Scoring System

Common Vulnerability Scoring System (CVSS), an Alternative to Vendor-specific Rating Systems

RESEARCH TRIANGLE PARK, NC - May 11, 2005. The biggest challenge facing any new standard is the universal adoption of the standard. In order to address the inconsistency of scoring metrics for vulnerabilities, the National Infrastructure Advisory Council (NIAC), a group that provides security information on critical infrastructure, selected the Federation of Incident Response team (FIRST) to be the custodian of the Common Vulnerability Scoring System (CVSS), an emerging standard in vulnerability scoring. The lack of a common scoring system has security teams worldwide solving the same problems with little or no coordination.

New Rating System for Software Vulnerabilities – CVSS

The Common Vulnerability Scoring System (CVSS) is a new vendor-agnostic rating system that provides open and universally standard severity ratings for software vulnerabilities. CVSS is designed to convey vulnerability severity and help determine urgency and priority of response.

Gavin Reid, FIRST CVSS Project Manager and member of the Computer Security Incident Response Team, Cisco Systems, Inc., said, “CVSS solves the problem of multiple, incompatible scoring systems and is usable and understandable by anyone. Because the framework is in its first-generation stage, there is a need for active participation and feedback within the global IT community during the implementation and testing phases.” Reid adds, “FIRST’s goal is to increase the scoring system's usability and acceptance among the industry.”

About FIRST

FIRST believes that a global approach towards adoption of the new standard is the best strategy. Through the international collaboration that occurs within the organization on a regular basis, FIRST is uniquely qualified both to promote the adoption of CVSS inside and outside of its membership and to maintain the standard going forward. As part of its mission, FIRST encourages and promotes the development of quality security products, policies and services, and computer security best practices. For CVSS, FIRST will host a special interest group to update and promote CVSS while providing a central repository for CVSS documentation.

How You Can Help

IT specialists interested in finding out how they can participate should visit the global perspective page at http://www.first.org/cvss

Wed, 11 May 2005 06:05:00 +0000
