Understanding Microsoft’s CVSS v3.1 Ratings and Severity Scores

Recently, I looked at Microsoft’s assigned CVSS v3.1 scores for Patch Tuesday vulnerabilities alongside the Microsoft assigned severity ratings. I wanted to revisit these numbers and see just how closely CVSS aligns with Microsoft’s opinion of severity. Disclaimer: I’m aware that CVSS v4.0 exists. However, Microsoft has not yet adopted it, and I wanted an apples-to-apples comparison.

What Is CVSS v3.1?

CVSS v3.1 provides the Qualitative Severity Rating Scale, which looks like this:

Rating      CVSS Score
None        0.0
Low         0.1 – 3.9
Medium      4.0 – 6.9
High        7.0 – 8.9
Critical    9.0 – 10.0

Source: FIRST.org…
