Team for Research in
Ubiquitous Secure Technology

The Common Vulnerability Scoring System (CVSS)
Mike Schiffman

Citation
Mike Schiffman. "The Common Vulnerability Scoring System (CVSS)". Talk or presentation, 10, November, 2005.

Abstract
To date, a number of commercial computer security vendors and not-for-profit organizations have developed, promoted, and implemented systems to rank information system vulnerabilities. Unfortunately, there is no cohesion or interoperability among those systems and they are limited in scope as to what they cover. This presentation discusses an open and universal vulnerability scoring system to address and solve these shortcomings, with the ultimate goal of promoting a common language to discuss vulnerability severity and impact. More can be found at http://www.first.org/cvss.

Electronic downloads


Internal. This publication has been marked by the author for TRUST-only distribution, so electronic downloads are not available without logging in.
Citation formats  
  • HTML
     Mike Schiffman. <a
    href="http://www.truststc.org/pubs/10.html"
    ><i>The Common Vulnerability Scoring System
    (CVSS)</i></a>, Talk or presentation,  10,
    November, 2005.
  • Plain text
     Mike Schiffman. "The Common Vulnerability Scoring
    System (CVSS)". Talk or presentation,  10, November,
    2005.
  • BibTeX
    @presentation{Schiffman05_CommonVulnerabilityScoringSystemCVSS,
        author = { Mike Schiffman},
        title = {The Common Vulnerability Scoring System (CVSS)},
        day = {10},
        month = {November},
        year = {2005},
        abstract = {To date, a number of commercial computer security
                  vendors and not-for-profit organizations have
                  developed, promoted, and implemented systems to
                  rank information system vulnerabilities.
                  Unfortunately, there is no cohesion or
                  interoperability among those systems and they are
                  limited in scope as to what they cover. This
                  presentation discusses an open and universal
                  vulnerability scoring system to address and solve
                  these shortcomings, with the ultimate goal of
                  promoting a common language to discuss
                  vulnerability severity and impact. More can be
                  found at <a
                  href="http://www.first.org/cvss">http://www.first.org/cvss</a>. },
        URL = {http://www.truststc.org/pubs/10.html}
    }
    

Posted by Christopher Brooks on 16 Nov 2005.
Groups: trustseminar
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.