The Common Vulnerability Scanning System (CVSS) is the most frequently cited rating system to assess the severity of security vulnerabilities. It has been criticized, however, as not being appropriate to assess and prioritize risk from those vulnerabilities. For this reason, some have called for using the Exploit Prediction Scoring System (EPSS) or combining CVSS and EPSS to make vulnerability metrics more actionable and efficient. Like CVSS, EPSS is governed by the Forum of Incident Response and Security Teams (FIRST).
Related Post
- November 15, 2024
Friday Squid Blogging: Female Gonatus Onyx Squid Carrying
Fantastic video of a female Gonatus onyx squid swimming while carrying her egg sack. An earlier related post. Blog moderation
- November 15, 2024
Iranian Hackers Deploy WezRat Malware in Attacks Targeting
Cybersecurity researchers have shed light on a new remote access trojan and information stealer used by Iranian state-sponsored actors to
- November 15, 2024
Researchers Warn of Privilege Escalation Risks in Google’s
Cybersecurity researchers have disclosed two security flaws in Google’s Vertex machine learning (ML) platform that, if successfully exploited, could allow
- November 15, 2024
Good Essay on the History of Bad Password
Stuart Schechter makes some good points on the history of bad password policies: Morris and Thompson’s work brought much-needed data