CVSS 3.1 Calculation Easy Tutorial

egrizzlyegrizzly Member Posts: 531 ■■■■■□□□□□
in Education & Development
Has anybody come across a website that provides an easier tutorial to calculating vulnerability scores based on the new CVSS 3.1 compared to whats over at the official page at https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator

The way it's explained in that website seems wayyy too mechanical, like astrophysics or something.
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
Tagged:
· Share on FacebookShare on Twitter

Comments

  • JDMurrayJDMurray Admin Posts: 12,905 Admin
    edited July 2021
    CVSS 3.1 looks like something in need of an intelligent checklist. I Googled "CVSS 3.1 explained" and came up with a few hits that might help, including this page. From what I've read, it looks like 3.1 can be calculated the nearly same as 3.0 with only some minor differences.  I do like this bit:
    The first and most prominent change that CVSS v3.1 brings is that it measures severity, not risk. In the words of the The CVSS v3.1 User Guide: “The CVSS Specification Document has been updated to emphasize and clarify the fact that CVSS is designed to measure the severity of a vulnerability and should not be used alone to assess risk.”

    It looks like Cisco and First.org have CVSS 3.1 calcs too.

    Forum Admin at www.techexams.net
    --
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    · Share on FacebookShare on Twitter
  • egrizzlyegrizzly Member Posts: 531 ■■■■■□□□□□

    Thanks for posting these JD.  I'll peruse through them and see which ones have easier readability.  Hi fives all round buddy.
    B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
    · Share on FacebookShare on Twitter
Sign In or Register to comment.