To date, a number of commercial computer security vendors and not-for-profit organizations have developed, promoted, and implemented systems to rank information system vulnerabilities. Unfortunately, there is no cohesion or interoperability among those systems and they are limited in scope as to what they cover. This document proposes an open and universal vulnerability scoring system to address and solve these shortcomings, with the ultimate goal of promoting a common language to discuss vulnerability severity and impact.
Mike Schiffman, Gerhard Eschelbeck, Andrew Wright, Dave Ahmad, Sasha Romanosky, others
Page last updated: Wed Jun 8 11:44:04 PDT 2005
A Complete Guide to The Common Vulnerability Scoring System
Back to Papers