Vulnerabilities are weaknesses that can be exploited to compromise the security of assets. They are weaknesses in an information system, internal controls, or implementation that could be exploited. There can be many vulnerabilities in a system/organization, which need to be identified, defined, and prioritized in order to provide the necessary knowledge, awareness, and risk background. One way to prioritize these vulnerabilities is by scoring these vulnerabilities. Prioritizing vulnerabilities helps us to identify the order in which these vulnerabilities need to be accessed and remediated.
Common Vulnerability Scoring System
The Common Vulnerability Scoring System (CVSS) gives an approach to catch the foremost attributes of a defenselessness and produce a numerical score mirroring its seriousness. The numerical score would then be able to be converted into a subjective portrayal, to help associations appropriately survey and organize their defenselessness the board forms.
It is managed by FIRST.org. The current version of CVSS is 3.1.
The (CVSS) catches the essential specialized attributes of programming, equipment, and firmware vulnerabilities. Its yields incorporate numerical scores demonstrating the seriousness of a weakness comparative with different vulnerabilities.
This describes the conditions not under the control of attackers which need to be present for the vulnerability to be exploited.
It represents the impact on the confidentiality of the information resources managed by the component exploited by the attack.
The advantages of CVSS incorporate the arrangement of a normalized seller and stage skeptic weakness scoring philosophy. It is an open structure, giving straightforwardness to the individual attributes and philosophy used to determine a score. The CVSS permits associations to organize which vulnerabilities to fix first and measure the effectiveness of the vulnerabilities on their frameworks.
Writer: Kunal Babbar in the mentorship of Karan Srivastava