Common Vulnerability Scoring System News

CVSS-SIG successful working meeting during the 20th annual FIRST conference (18:43 GMT+01)

The Common Vulnerability Scoring System Special Interest Group (CVSS- SIG) had a very busy and successful working meeting during the 20th annual FIRST conference in Vancouver. We covered many of the CVSS use cases post v2 deployment - namely PCI and S-CAP - thanks for all the great participation.

FIRST CVSS-SIG meeting, Vancouver 2008 (20:17 GMT+01)

The Common Vulnerability Scoring System Special Interest Group (CVSS-SIG) has scheduled a working meeting during the 20th annual FIRST conference in Vancouver (June 22-27,2008). This meeting will take place on Monday, June 23rd 08:30-10:30 PST

New Scoring System Protects Credit Card Transactions (13:34 GMT+01)

ScienceDaily — As this year's holiday season approaches, your credit card transactions may be a little more secure thanks to standards adopted by the payment card industry. The latest incarnation of these standards include the Common Vulnerability Scoring System (CVSS) Version 2 that was coauthored this year by researchers at the National Institute of Standards and Technology and Carnegie Mellon University in collaboration with 23 other organizations

The Common Vulnerability Scoring System (CVSS) and Its Applicability to Federal Agency Systems (16:41 GMT+01)

NIST IR 7435 is published as final. CVSS provides an open framework for communicating the characteristics and impacts of IT vulnerabilities.

CVSS Version 2 Scoring with Nessus and the Passive Vulnerability Scanner (15:22 GMT+01)

On Wednesday, August 15th, 2007, Tenable Network Security will begin converting CVSS base scores for Nessus and the Passive Vulnerability Scanner (PVS) plugins from version 1 to version 2. This blog entry discusses how some of the plugin severity...

A revised vulnerability rating system gains steam (21:00 GMT+01)

A standardized system to rank computer system vulnerabilities has been revised to help IT managers make better decisions more quickly about potential threats [SearchWinIt.com]

New tool for testing application security (17:00 GMT+01)

Standards-based system to rate vulnerabilities [Computerworld]

NIST releases FISMA security control tools (05:24 GMT+01)

The National Institute of Standards and Technology has released a suite of tools to help automate vulnerability management and evaluate compliance with federal IT security requirements.

National Vulnerability Database Version 2.0 - NVD Now Supports CVSS Version 2.0 (June 20, 2007)!! (22:00 GMT+01)

NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance.

Flaw grading system graduates to next version (20:00 GMT+01)

The Forum of Incident Response and Security Teams (FIRST) announced on Wednesday a revised version of the Common Vulnerability Scoring System (CVSS), which modifies the ranking system's recipe for judging the severity of software flaws.

New version of Common Vulnerability Scoring System released (02:00 GMT+01)

Seville Spain – June 20, 2007: Millions of computer users worldwide will enjoy more secure virtual experiences and transactions with the advent today of CVSSv2 – the latest version of the Common Vulnerability Scoring System.

Magic Numbers or Snake Oil? The Common Vulnerability Scoring System (15:15 GMT+01)

Can a single number sum up the full significance of a security vulnerability? The CVSS attempts to prove that it can, but it has its weak points.

CVSS Scores and Calculators (14:25 GMT+01)

Several sites provide easy ways to get CVSS scores. The major ones are listed on the SIG website.

FIRST Urges Wide-Scale Adoption of New Common Vulnerability Scoring System (CVSS) (00:53 GMT+01)

The Forum of Incident Response and Security Teams (FIRST) a not-for-profit network of computer security incident response teams representing government, law enforcement, ...

FIRST Selected to Lead Scoring Standard for Security Vulnerabilities Scoring System (06:05 GMT+01)

The biggest challenge facing any new standard is the universal adoption of the standard. In order to address the inconsistency of scoring metrics for vulnerabilities...

Call to Arms for Corporate Chiefs to Attend "Critical" Cyber Conference (19:18 GMT+01)

Corporate executives from around the world were today being urged to attend a special conference on risk, to be staged this June in Singapore by FIRST, the world's premier force...