The State of Common Vulnerability Scoring System in the 2020s

Slide Note
Embed
Share

The Common Vulnerability Scoring System (CVSS) has evolved, with CVSS v3.1 enhancing usability and clarity since its publication in June 2019. Looking ahead, CVSS v4.0 aims to expand into OT and Cloud Services, introduce new metrics like Threat Intelligence, and simplify scoring while maintaining accuracy. Approved and proposed work items reflect ongoing efforts to refine the system for better risk assessment in cybersecurity. Stay updated on the future of CVSS v4.0.

swedberg_i
swedberg_i Follow

Uploaded on Oct 03, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. Common Vulnerability Scoring System The State of CVSS for the 2020s Dave Dugal Juniper Networks Dale Rich DTCC Co-chairs of CVSS Special Interest Group

  2. Agenda Current Status of CVSS v3.1 The Hopes and Dreams of CVSS v4.0 Highlights: Approved and Proposed Work Items How to Get Involved Open Q&A

  3. Current Status of CVSS CVSS v3.1 published in June 2019 Improves upon v3.0 without introducing new metrics or values o Allows for frictionless adoption of the new standard Usability was a prime consideration o Improve the clarity of concepts introduced in CVSS v3.0 o Improve the overall ease of use of the standard o Clarify definitions with better explanations of existing base metrics o Lots and lots of examples of Scope described in Section 3.5 of the User Guide Defined the CVSS Extensions Framework CVSS Glossary of Terms expanded and refined

  4. Where weve been and where were going CVSS v3.x Objectives o The challenges of virtualization (Scope) o Increased objectivity and repeatability o Removed the middle 90% Impact issue CVSS v4.0 Looking Forward o Threat Intelligence metrics Exploitability vs. Likelihood of Attack o Cloud Services and OT o Concepts of Survivability and Resilience to measure recovery effort o Active vs. Passive User Interaction o Attack Complexity vs. Attack Requirements o Nomenclature

  5. The Hopes and Dreams of CVSS v4.0 Expand applicability from classic IT to OT and Cloud Services Operationalizing Threat Intelligence Considering a new Severity Metric Group o Category of Exploit o Kinetic Impact o Collateral Damage Active vs. Passive User Interaction Attack Complexity vs. Attack Requirements o Motility o Persistence Note: CVSSv4 targeting June 2021 FIRST Conference to announce publication

  6. CVSS v4.0: Approved Proposals Temporal Metric Group is replaced by the Threat Metric Group User Interaction (Active vs. Passive) Attack Requirements base metric o Added to compliment Attack Complexity Clarification of Scope Removal of Report Confidence and Remediation Level

  7. CVSS v4.0: Proposed Work Items New Severity Metric Group Support for Unknown (X) values in Base Score New Threat Intelligence Confidence Likelihood of exploit at scale Resilience Ease of Mitigation Kinetic Impact Collateral Damage Nomenclature Check out https://bit.ly/cvssv4-workitems for complete list

  8. Get Involved! The CVSS SIG holds weekly conference calls to discuss improvements to the standard Meetings to discuss CVSS v4.0 occur on Thursday at 13:00 ET Become an active Participant in the meetings, or just join our mailing list as an Observer Details of how to get involved are on the CVSS home page: https://www.first.org/cvss Or rock it old school, and drop us an e-mail: cvss@first.org

Related


Understanding QuickScore Scoring Guide

Understanding QuickScore Scoring Guide

daie699
Understanding the Vulnerability Index for Small Island Developing States

Understanding the Vulnerability Index for Small Island Developing States

evander
Navigating Inflation Trends: Insights from Early 2020s

Navigating Inflation Trends: Insights from Early 2020s

perry
MCAS Biology Test Scoring Process Overview

MCAS Biology Test Scoring Process Overview

nikolas
Understanding Vulnerability: Meaning, Types, and Factors affecting Vulnerability

Understanding Vulnerability: Meaning, Types, and Factors affecting Vulnerability

james_cameo
Speaking Scoring Practice Slides for Secondary Level Assessment

Speaking Scoring Practice Slides for Secondary Level Assessment

her_ste
Supporting Schools and Students: Hand-Scoring & Score Reporting Training Module

Supporting Schools and Students: Hand-Scoring & Score Reporting Training Module

vyom_2
Analysis of Writing Scoring Guide Study Results

Analysis of Writing Scoring Guide Study Results

mellaniep
GD Bart Puppy Test: Behavior Scoring System Overview

GD Bart Puppy Test: Behavior Scoring System Overview

django
Implementing the Oregon Official Writing Scoring Guide

Implementing the Oregon Official Writing Scoring Guide

dextinmo
Understanding Telecom Security Testing: Vulnerability Assessment & Remediation

Understanding Telecom Security Testing: Vulnerability Assessment & Remediation

mia
Promoting Archery in Hillingdon: Understanding Scoring and Rules

Promoting Archery in Hillingdon: Understanding Scoring and Rules

abdullah
Coastal Vulnerability Assessment of Curacao, Netherlands Antilles

Coastal Vulnerability Assessment of Curacao, Netherlands Antilles

leir320
Comprehensive Hazard Vulnerability Assessment Workshop and Tools

Comprehensive Hazard Vulnerability Assessment Workshop and Tools

chow932
ELPA21 Screener Speaking Scoring Slides with Rationales

ELPA21 Screener Speaking Scoring Slides with Rationales

bellard_n
Understanding Risk Management in Environmental Geography and Disaster Management

Understanding Risk Management in Environmental Geography and Disaster Management

duke
Economic Vulnerability Premium for SIDS - Webinar Insights

Economic Vulnerability Premium for SIDS - Webinar Insights

sullivan
Gamifying Vulnerability Reporting for Coordinated Disclosure at Microsoft Security Response Center

Gamifying Vulnerability Reporting for Coordinated Disclosure at Microsoft Security Response Center

buis_an
Comprehensive Guide to Vulnerability Mapping in Election Planning

Comprehensive Guide to Vulnerability Mapping in Election Planning

rain
Vulnerability Mapping (VM).Guidance Plan

Vulnerability Mapping (VM).Guidance Plan

nadine
Leveraging Artifact Dependency Graphs for Software Vulnerability Detection

Leveraging Artifact Dependency Graphs for Software Vulnerability Detection

eithne
Understanding Vulnerability and Capacity Issues in Civil Courts

Understanding Vulnerability and Capacity Issues in Civil Courts

taviusk
Reimagining Vulnerability: Rethinking the Body and Human Dignity

Reimagining Vulnerability: Rethinking the Body and Human Dignity

tao_yl
Understanding Risks and Vulnerability in Risk Assessment

Understanding Risks and Vulnerability in Risk Assessment

mccarson_n

More Related Content

Practical Guidance for CVSS v4.0 Scoring
Practical Guidance for CVSS v4.0 Scoring
Self-Determination Assessment Scoring Guide
Self-Determination Assessment Scoring Guide
Understanding Questionnaires, Scoring, and UAT Part 1


Understanding Questionnaires, Scoring, and UAT Part 1


Understanding Tactical Fouls and DOGSO in Soccer
Understanding Tactical Fouls and DOGSO in Soccer
AchieveNJ Teacher Evaluation Scoring Guide Overview
AchieveNJ Teacher Evaluation Scoring Guide Overview
Overview of RACP Divisional Clinical Examination Scoring Grid and Bands
Overview of RACP Divisional Clinical Examination Scoring Grid and Bands
Understanding Sequence Alignment and Scoring Matrices
Understanding Sequence Alignment and Scoring Matrices
Evaluation Criteria and Scoring Rubric for Arts and Culture Funding Applications
Evaluation Criteria and Scoring Rubric for Arts and Culture Funding Applications
Investigation of the Effects of Automatic Scoring Technology on Human Raters' Performances in L2 Speech Proficiency Assessment
Investigation of the Effects of Automatic Scoring Technology on Human Raters' Performances in L2 Speech Proficiency Assessment
Value for Money Scorecard Criteria and Scoring Framework
Value for Money Scorecard Criteria and Scoring Framework
Scoring Optimism Questionnaire: Three Dimensions by Dr. Martin Seligman
Scoring Optimism Questionnaire: Three Dimensions by Dr. Martin Seligman
Scorer's Clinic - March 18-19, 2017
Scorer's Clinic - March 18-19, 2017
8th Grade Mathematics Performance Events Analysis
8th Grade Mathematics Performance Events Analysis
Masculism 101: A Men's Movement for Liberation in the 2020s
Masculism 101: A Men's Movement for Liberation in the 2020s
Coastal Vulnerability Audit Tool (CVAT) for Curacao, Netherlands Antilles
Coastal Vulnerability Audit Tool (CVAT) for Curacao, Netherlands Antilles
Understanding Legal Ramifications of Mental Illness in Criminal Justice System
Understanding Legal Ramifications of Mental Illness in Criminal Justice System
Overview of RACP Divisional Clinical Examination
Overview of RACP Divisional Clinical Examination
Understanding Alcohol and Drug Facilitated Sexual Assault
Understanding Alcohol and Drug Facilitated Sexual Assault
Data Quality Assessments
Data Quality Assessments
Understanding Quadrilaterals: 3rd Grade Performance Event in Mathematics
Understanding Quadrilaterals: 3rd Grade Performance Event in Mathematics
Public Transportation Scoring and Project Categories: Enhancing Mobility in NC
Public Transportation Scoring and Project Categories: Enhancing Mobility in NC
Evolution of Land Law Systems in Trinidad and Tobago
Evolution of Land Law Systems in Trinidad and Tobago
Understanding the WSP Audit Process
Understanding the WSP Audit Process
Basic Rules and Procedures of 3x3 Basketball Game
Basic Rules and Procedures of 3x3 Basketball Game