FIRST Announces CVSS 4.0 – New Vulnerability Scoring System


The Forum of Incident Response and Security Teams (FIRST) has officially announced CVSS v4.0, the next generation of the Common Vulnerability Scoring System standard, more than eight years after the release of CVSS v3.0 in June 2015.

“This latest version of CVSS 4.0 seeks to provide the highest fidelity of vulnerability assessment for both industry and the public,” FIRST said in a statement.

CVSS essentially provides a way to capture the principal technical characteristics of a security vulnerability and produce a numerical score denoting its severity. The score can be translated into various levels, such as low, medium, high, and critical, to help organizations prioritize their vulnerability management processes.

Read more…