Risk Scoring
CVSS and prioritization.
Why Score Risk
A list of vulnerabilities is not enough. The client needs to know which ones to fix first.
Risk scoring turns subjective opinions into a consistent, defensible ranking that everyone can agree on.
Introducing CVSS
The Common Vulnerability Scoring System (CVSS) is the industry standard for rating vulnerability severity on a 0 to 10 scale.
It is maintained by FIRST and used in the National Vulnerability Database. CVSS v3.1 and v4.0 are the current versions.