CVSS 3.1 Calculation Easy Tutorial

egrizzlyegrizzly B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+Member Posts: 470 ■■■■■□□□□□
Has anybody come across a website that provides an easier tutorial to calculating vulnerability scores based on the new CVSS 3.1 compared to whats over at the official page at https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator

The way it's explained in that website seems wayyy too mechanical, like astrophysics or something.
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+

Comments

  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,341 Admin
    edited July 17
    CVSS 3.1 looks like something in need of an intelligent checklist. I Googled "CVSS 3.1 explained" and came up with a few hits that might help, including this page. From what I've read, it looks like 3.1 can be calculated the nearly same as 3.0 with only some minor differences.  I do like this bit:
    The first and most prominent change that CVSS v3.1 brings is that it measures severity, not risk. In the words of the The CVSS v3.1 User Guide: “The CVSS Specification Document has been updated to emphasize and clarify the fact that CVSS is designed to measure the severity of a vulnerability and should not be used alone to assess risk.”

    It looks like Cisco and First.org have CVSS 3.1 calcs too.
  • egrizzlyegrizzly B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+ Member Posts: 470 ■■■■■□□□□□

    Thanks for posting these JD.  I'll peruse through them and see which ones have easier readability.  Hi fives all round buddy.
    B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
Sign In or Register to comment.