Understanding CVSS v3.1

The Common Vulnerability Scoring System (CVSS) provides an open framework for communicating the characteristics and impacts of software and hardware security vulnerabilities. Its quantitative model aims to ensure consistent and accurate measurement while enabling users to see the underlying vulnerability characteristics that were used to generate the scores.

FIRST (The Forum of Incident Response and Security Teams), the organization responsible for maintaining and developing the CVSS, recently announced the publication of CVSS version 3.1.

This article explains the changes made in CVSS v3.1, their importance, and how this scoring should figure in when looking at security vulnerabilities;