Wednesday, May 22, 2024

New Common Vulnerability Scoring System (CVSS) v4.0 Released – What’s New!

CVSS (Common Vulnerability Scoring System) is vital for supplier-consumer interaction, offering a numerical score to assess security vulnerabilities’ technical severity that helps in guiding the following entities:-

  • Businesses
  • Service providers
  • Public

CVSS scores interpret the following qualitative ratings for prioritizing vulnerability management and enhancing defense strategies against cyber threats, enabling real-time threat assessment for consumers’ protection:-

  • Low
  • Medium
  • High
  • Critical

At the 35th Annual FIRST Conference in June 2023, the CVSS version 4.0 was unveiled by FIRST. However, after two months of public input and refinement, CVSS version 4.0 was officially released by FIRST.

CVSS 4.0 – What’s New?

This new version, CVSS 4.0, aims to offer the most precise vulnerability assessment, as it provides:-

  • Finer detail
  • Clarity
  • Simplification in threat metrics

These are the key elements that make it more effective for assessing security needs and controls. CVSS 4.0 adds new metrics for assessing vulnerabilities, including:-

  • Automatable
  • Recovery
  • Value Density
  • Response Effort
  • Urgency

Moreover, it’s also expanded for the OT/ICS/IoT, with Safety metrics included. CVSS 4.0 is a game-changer for global cybersecurity and incident response teams, offering a vital tool in the face of rising threats.

Diverse rating systems were used for severity before 2005 since, at that time, various non-standard severity systems existed. 

In February 2005, CVSS version 1 was initially introduced, driven by FIRST to standardize vulnerability measurement, which became an important industry tool.

CVSS evolved from version 1 in 2005 to version 3.1 in 2019. Version 4.0 is a notable advance, emphasizing threat intelligence and environmental metrics for more accurate scoring.

Here below, we have mentioned the new nomenclature that has been adopted in version 4.0:-

  • CVSS-B: CVSS Base Score
  • CVSS-BT: CVSS Base + Threat Score
  • CVSS-BE: CVSS Base + Environmental Score
  • CVSS-BTE: CVSS Base + Threat + Environmental Score

The rapid rise in cybersecurity challenges shows the importance of global coordination which is crucial. However, introducing standards like CVSS 4.0 plays a vital role in enhancing internet safety for all.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.

Website

Latest articles

Cloud-Based Malware Attack Abusing Google Drive & Dropbox

A phishing email with a malicious zip attachment initiates the attack. The zip contains...

OmniVision Technologies Cyber Attack, Hackers Stolen Personal Data in Ransomware Attack

OmniVision Technologies, Inc. (OVT) recently disclosed a significant security breach that compromised its clients'...

Critical Flaw In Confluence Server Let Attackers Execute Arbitrary Code

The widely used team workspace corporate wiki Confluence has been discovered to have a...

Threat Actors Leverage Bitbucket Artifacts to Breach AWS Accounts

In a recent investigation into Amazon Web Services (AWS) security breaches, Mandiant uncovered a...

Hackers Breached Western Sydney University Microsoft 365 & Sharepoint Environments

Western Sydney University has informed approximately 7,500 individuals today of an unauthorized access incident...

Memcyco Report Reveals Only 6% Of Brands Can Protect Their Customers From Digital Impersonation Fraud

Memcyco Inc., provider of digital trust technology designed to protect companies and their customers...

DoppelGänger Attack: Malware Routed Via News Websites And Social Media

A Russian influence campaign, DoppelGänger, leverages fake news websites (typosquatted and independent) to spread...
Tushar Subhra Dutta
Tushar Subhra Dutta
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles