CVSS 3.1 Calculation Easy Tutorial
egrizzly
Member Posts: 533 ■■■■■□□□□□
Has anybody come across a website that provides an easier tutorial to calculating vulnerability scores based on the new CVSS 3.1 compared to whats over at the official page at https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator
The way it's explained in that website seems wayyy too mechanical, like astrophysics or something.
The way it's explained in that website seems wayyy too mechanical, like astrophysics or something.
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
Comments
-
JDMurray Admin Posts: 13,099 AdminCVSS 3.1 looks like something in need of an intelligent checklist. I Googled "CVSS 3.1 explained" and came up with a few hits that might help, including this page. From what I've read, it looks like 3.1 can be calculated the nearly same as 3.0 with only some minor differences. I do like this bit:The first and most prominent change that CVSS v3.1 brings is that it measures severity, not risk. In the words of the The CVSS v3.1 User Guide: “The CVSS Specification Document has been updated to emphasize and clarify the fact that CVSS is designed to measure the severity of a vulnerability and should not be used alone to assess risk.”
It looks like Cisco and First.org have CVSS 3.1 calcs too.
-
egrizzly Member Posts: 533 ■■■■■□□□□□
Thanks for posting these JD. I'll peruse through them and see which ones have easier readability. Hi fives all round buddy.B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+