Talk:Common Vulnerability Scoring System
This article is rated C-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects: | |||||||||||||||||||||||||||||
|
Permission for use granted by the CVSS SIG Chair Gavin Reid gavreid at cisco dot com and sent to permissions at wikimedia dot org
Rewrite for CV
editI did a rewrite on the temp page. I removed a lot of details (it was long anyways), it still has a list of the metrics (rewritten) but whether the list would be copyrightable is gray. I added some commentary and retained the external links. RJFJR 22:27, 24 November 2006 (UTC)
Proposal for external link
editI suggest the following article for reference:
The Common Vulnerability Scoring System - Magic Numbers or Snake Oil?
http://www.heise-security.co.uk/articles/89049
Note that I am a Heise editor and therfor will not add this myself because it is against our policy to spam. Please inform me, if you think that this kind of proposal violates the wikipedia policy.
193.99.145.162 08:16, 12 June 2007 (UTC) / ju (ju at heisec.de)
- The deadlink above is now at http://www.h-online.com/security/features/The-Common-Vulnerability-Scoring-System-Magic-Numbers-or-Snake-Oil-747205.html Widefox; talk 07:34, 6 February 2013 (UTC)
Rewrite needed for Adoption section
editIt talks about v2, while now v3 is widely used. Some of the sites in the list is even down. I don't have the knowledge to edit it. 37.26.148.212 (talk)
Do CVSS scores get peer reviewed?
editFor what I could read around in the web, the team that discovers a vulnerability, goes through the CVSS and set a score accordingly, but the issue - unless egregious - is not really peer reviewed. There are even CVEs that are disputed but the score doesn't change.
Is there a peer review or, due to the volume of CVEs, the original team decides and thus the score is not really "tested" ? (again, beside egregious problems).
Picking CVEs at random (all over 7 out of 10 in score) I couldn't find any peer review discussion about the score and the CVE in itself. Pier4r (talk) 09:45, 25 April 2024 (UTC)