NIST offers evaluation of vulnerability scoring system used to prioritize remediation efforts

The National Institute of Standards and Technology has issued a draft report endorsing the accuracy of “base score” equations in a system for assessing the severity of information technology vulnerabilities that is widely used by industry in setting remediation priorities.

“Calculating the severity of information technology vulnerabilities is important for prioritizing vulnerability remediation and helping to understand the risk of a vulnerability. The Common Vulnerability Scoring System (CVSS) is a widely used approach to evaluating properties that lead to a...