CVSS 3.1 Calculation Easy Tutorial

egrizzlyegrizzly Member Posts: 531 ■■■■■□□□□□
Has anybody come across a website that provides an easier tutorial to calculating vulnerability scores based on the new CVSS 3.1 compared to whats over at the official page at

The way it's explained in that website seems wayyy too mechanical, like astrophysics or something.
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+


  • JDMurrayJDMurray Admin Posts: 12,905 Admin
    edited July 2021
    CVSS 3.1 looks like something in need of an intelligent checklist. I Googled "CVSS 3.1 explained" and came up with a few hits that might help, including this page. From what I've read, it looks like 3.1 can be calculated the nearly same as 3.0 with only some minor differences.  I do like this bit:
    The first and most prominent change that CVSS v3.1 brings is that it measures severity, not risk. In the words of the The CVSS v3.1 User Guide: “The CVSS Specification Document has been updated to emphasize and clarify the fact that CVSS is designed to measure the severity of a vulnerability and should not be used alone to assess risk.”

    It looks like Cisco and have CVSS 3.1 calcs too.
  • egrizzlyegrizzly Member Posts: 531 ■■■■■□□□□□

    Thanks for posting these JD.  I'll peruse through them and see which ones have easier readability.  Hi fives all round buddy.
    B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
Sign In or Register to comment.