More than eight years after the publication of CVSS v3.0 in June 2015, the Forum of Incident Response and Security Teams (FIRST) has formally released CVSS v4.0, the next iteration of the Common Vulnerability Scoring System standard.“This latest version of CVSS 4.0 seeks to provide the highest fidelity of vulnerability assessment for both industry and the public,” FIRST said in a press release.
Essentially, CVSS offers a means of enumerating a security vulnerability’s primary technical attributes and generating a number score that indicates the vulnerability’s severity. To assist companies in prioritizing their vulnerability management procedures, the score can be converted into a variety of levels, including low, medium, high, and critical.