CVSS Score Calculator

Last night’s tip concerned NIST’s CVSS system for evaluating the severity of security breaches. NIST has an online calculator that you can use to generate a score based on each of the metrics discussed last night. See: https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . In this example, we see how the highest CVSS score resutls in the worst case scenario for each of the metrics:



An additional temporal score (which uses the base score as an input) is based on whether or not a functional code has been developed for an exploit and has been distributed; whether or not a patch has been developed to remediate the attack; and whether or not the cause of the attack is known.