CVSS 3.1 Calculation Easy Tutorial

Has anybody come across a website that provides an easier tutorial to calculating vulnerability scores based on the new CVSS 3.1 compared to whats over at the official page at https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator

The way it's explained in that website seems wayyy too mechanical, like astrophysics or something.

Find more posts tagged with

CVSS

vulnerability score

cvsss 3.1

vulnerability calculator

Comments

JDMurray

CVSS 3.1 looks like something in need of an intelligent checklist. I Googled "CVSS 3.1 explained" and came up with a few hits that might help, including this page. From what I've read, it looks like 3.1 can be calculated the nearly same as 3.0 with only some minor differences. I do like this bit:

The first and most prominent change that CVSS v3.1 brings is that it measures severity, not risk. In the words of the The CVSS v3.1 User Guide: “The CVSS Specification Document has been updated to emphasize and clarify the fact that CVSS is designed to measure the severity of a vulnerability and should not be used alone to assess risk.”

It looks like Cisco and First.org have CVSS 3.1 calcs too.

egrizzly

Thanks for posting these JD. I'll peruse through them and see which ones have easier readability. Hi fives all round buddy.