CVSS: Ubiquitous and Broken

Abstract

The Common Vulnerability Scoring System is at the core of vulnerability management for systems ranging from those of private corporations to highly classified government networks, allowing organizations to prioritize remediation in descending order of risk. With a lack of justification for its underlying formula, inconsistencies in its specification document, and no correlation to exploited vulnerabilities in the wild, it is unable to provide a meaningful metric for describing a vulnerability's severity, let alone risk. As it stands, this standard compromises the security of America's most sensitive information systems.

Cite

Howland, H. (2023). CVSS: Ubiquitous and Broken. Digital Threats: Research and Practice, 4(1). https://doi.org/10.1145/3491263
