CVSS
Common Vulnerability Scoring System
Geek Speak:
A standardized framework used to quantify the severity of security vulnerabilities in software and hardware. It provides a numerical score (0-10) and a vector string that communicates the vulnerability's characteristics, helping organizations assess and prioritize vulnerabilities as part of their vulnerability management processes.
Plain English:
What Is the Common Vulnerability Scoring System (CVSS)?
The Common Vulnerability Scoring System (CVSS) is a way to measure how severe a computer security weakness (or “vulnerability”) is.
Think of CVSS like a health check for software or systems — it assigns each vulnerability a score, typically ranging from 0 to 10, that indicates the potential danger if a hacker were to exploit it.
A higher score indicates that the vulnerability is more critical and should be addressed more urgently. This helps businesses and security teams prioritize which problems need attention first and which are less risky.
In simple terms, CVSS helps companies understand and manage their security risks more effectively by rating the severity of each vulnerability.