FIRST announces CVSS version 3

The Forum of Incident Response and Security Teams (FIRST) has announced the availability of version 3 of the Common Vulnerability Scoring System (CVSS). The new system is the latest update of the universal open and standardized method for rating IT vulnerabilities and determining the urgency of response.


CVSSv3 sets out to provide a robust and useful scoring system for IT vulnerabilities that is fit for the future. Its development has been overseen by the CVSS Special Interest Group (SIG) with input from representatives of a broad range of industry sectors, from banking and finance to technology and academia.

The updated version includes enhancements such as: the promotion of consistency in scoring, the replacement of Scoring Tips in order to more clearly guide end users of CVSS, and consideration of the system in order to make it more applicable to modern concerns.

Seth Hanford, co-chair of the FIRST CVSSv3 working group said “We hope that CVSS version 3 is clear, consistent and repeatable, and able to support the work of those who seek to understand, describe, compare, or evaluate IT vulnerabilities via a common scoring system.”

“Our aim has been to provide a system that is flexible enough to handle both the challenges that have emerged in vulnerability scoring in recent years, as well as those that we will see in the years to come.”




Share this