Talk:Common Vulnerability Scoring System

This article is rated C-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Computer Security: Computing High‑importance This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks. High This article has been rated as High-importance on the project's importance scale. This article is supported by WikiProject Computing. Things you can help WikiProject Computer Security with: Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information... Answer question about Same-origin_policy Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here. Computing High‑importance This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks. High This article has been rated as High-importance on the project's importance scale.

Permission for use granted by the CVSS SIG Chair Gavin Reid gavreid at cisco dot com and sent to permissions at wikimedia dot org

Rewrite for CV

Latest comment: 17 years ago1 comment1 person in discussion

I did a rewrite on the temp page. I removed a lot of details (it was long anyways), it still has a list of the metrics (rewritten) but whether the list would be copyrightable is gray. I added some commentary and retained the external links. RJFJR 22:27, 24 November 2006 (UTC)Reply

Proposal for external link

Latest comment: 11 years ago2 comments2 people in discussion

I suggest the following article for reference:

The Common Vulnerability Scoring System - Magic Numbers or Snake Oil?

http://www.heise-security.co.uk/articles/89049

Note that I am a Heise editor and therfor will not add this myself because it is against our policy to spam. Please inform me, if you think that this kind of proposal violates the wikipedia policy.

193.99.145.162 08:16, 12 June 2007 (UTC) / ju (ju at heisec.de)Reply

The deadlink above is now at http://www.h-online.com/security/features/The-Common-Vulnerability-Scoring-System-Magic-Numbers-or-Snake-Oil-747205.html Widefox; talk 07:34, 6 February 2013 (UTC)Reply

Rewrite needed for Adoption section

It talks about v2, while now v3 is widely used. Some of the sites in the list is even down. I don't have the knowledge to edit it. 37.26.148.212 (talk)

Do CVSS scores get peer reviewed?

Latest comment: 17 days ago1 comment1 person in discussion

For what I could read around in the web, the team that discovers a vulnerability, goes through the CVSS and set a score accordingly, but the issue - unless egregious - is not really peer reviewed. There are even CVEs that are disputed but the score doesn't change.

Is there a peer review or, due to the volume of CVEs, the original team decides and thus the score is not really "tested" ? (again, beside egregious problems).

Picking CVEs at random (all over 7 out of 10 in score) I couldn't find any peer review discussion about the score and the CVE in itself. Pier4r (talk) 09:45, 25 April 2024 (UTC)Reply