- cross-posted to:
- cybersecurity
- appsec
- cross-posted to:
- cybersecurity
- appsec
Where are my VM folks at? CVSS v4.0! Some takeaways reading the brief change list…
- Emphasis that scoring is not just the Base metrics but in order to get an accurate score you need to consider temporal/environmental scores. Awesome and so true.
- Attack Requirements (AT) seems useful given so much of what the “likelihood” of a successful attack is dependent on how likely it is for the attacker to meet all requirements.
- Temporal renamed to “Threat metric”. Don’t like…
- RL and RC deprecated. Good. Never liked those
- More emphasis on OT vs IT which is great!
Thanks to @forgetful@infosec.exchange for tootin’ about it!
You must log in or # to comment.