Talk:Common Vulnerability Scoring System

Latest comment: 7 months ago by Pier4r in topic Do CVSS scores get peer reviewed?

Permission for use granted by the CVSS SIG Chair Gavin Reid gavreid at cisco dot com and sent to permissions at wikimedia dot org

Rewrite for CV

edit

I did a rewrite on the temp page. I removed a lot of details (it was long anyways), it still has a list of the metrics (rewritten) but whether the list would be copyrightable is gray. I added some commentary and retained the external links. RJFJR 22:27, 24 November 2006 (UTC)Reply

edit

I suggest the following article for reference:

The Common Vulnerability Scoring System - Magic Numbers or Snake Oil?

http://www.heise-security.co.uk/articles/89049

Note that I am a Heise editor and therfor will not add this myself because it is against our policy to spam. Please inform me, if you think that this kind of proposal violates the wikipedia policy.

193.99.145.162 08:16, 12 June 2007 (UTC) / ju (ju at heisec.de)Reply

The deadlink above is now at http://www.h-online.com/security/features/The-Common-Vulnerability-Scoring-System-Magic-Numbers-or-Snake-Oil-747205.html Widefox; talk 07:34, 6 February 2013 (UTC)Reply


Rewrite needed for Adoption section

edit

It talks about v2, while now v3 is widely used. Some of the sites in the list is even down. I don't have the knowledge to edit it. 37.26.148.212 (talk)

Do CVSS scores get peer reviewed?

edit

For what I could read around in the web, the team that discovers a vulnerability, goes through the CVSS and set a score accordingly, but the issue - unless egregious - is not really peer reviewed. There are even CVEs that are disputed but the score doesn't change.

Is there a peer review or, due to the volume of CVEs, the original team decides and thus the score is not really "tested" ? (again, beside egregious problems).

Picking CVEs at random (all over 7 out of 10 in score) I couldn't find any peer review discussion about the score and the CVE in itself. Pier4r (talk) 09:45, 25 April 2024 (UTC)Reply