The Common Vulnerability Scanning System (CVSS) is the most frequently cited rating system to assess the severity of security vulnerabilities. It has been criticized, however, as not being appropriate to assess and prioritize risk from those vulnerabilities. For this reason, some have called for using the Exploit Prediction Scoring System (EPSS) or combining CVSS and EPSS to make vulnerability metrics more actionable and efficient. Like CVSS, EPSS is governed by the Forum of Incident Response and Security Teams (FIRST).
Related Post
- January 23, 2025
Smashing Security podcast #401: Hacks on the high
An Italian hacker makes the grade and ends up in choppy waters, and hear true stories of title deed transfer
- January 22, 2025
Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity
The new Trump administration has terminated all memberships of advisory committees that report to the Department of Homeland Security (DHS).
- January 22, 2025
MasterCard DNS Error Went Unnoticed for Years
The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed
- January 22, 2025
Hackers Exploit Zero-Day in cnPilot Routers to Deploy
Threat actors are exploiting an unspecified zero-day vulnerability in Cambium Networks cnPilot routers to deploy a variant of the AISURU