Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mstdn.social/users/msw/statuses/111211971958864942">Matt "msw" Wilson (msw@mstdn.social)'s status on Thursday, 12-Oct-2023 00:48:40 JST</a><a href="https://mstdn.social/@msw" title="msw@mstdn.social"><img src="https://gnusocial.jp/avatar/25406-48-20221113054622.webp" width="48" height="48" alt='Matt "msw" Wilson' style="position: absolute; left: 0; top: 0;">Matt "msw" Wilson</a></section><article><p>This is your regular reminder that CVSSv3 base scores are information-poor, and taken alone are not fit for the purpose of evaluating appropriate actions to take for a given security vulnerability.</p><p>I am hoping that CVSSv4 helps improve industry practices. It's badly needed.</p><p><a href="https://mstdn.social/tags/InfoSec" rel="tag">#InfoSec</a> <a href="https://mstdn.social/tags/CVSS" rel="tag">#CVSS</a> <a href="https://mstdn.social/tags/CVE" rel="tag">#CVE</a><br><a href="https://csrc.nist.gov/csrc/media/Presentations/2023/update-on-cvss-4-0/jan-25-2023-ssca-dugal-rich.pdf" rel="nofollow noreferrer">https://csrc.nist.gov/csrc/media/Presentations/2023/update-on-cvss-4-0/jan-25-2023-ssca-dugal-rich.pdf</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2172429#notice-4265769">In conversation</a><time datetime="2023-10-12T00:48:40+09:00" title="Thursday, 12-Oct-2023 00:48:40 JST">about a year ago</time> <span>from <span><a href="https://mstdn.social/@msw/111211971958864942" rel="external" title="Sent from mstdn.social via ActivityPub">mstdn.social</a></span></span><a href="https://mstdn.social/@msw/111211971958864942">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/1637583">Untitled attachment</a></label><br></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Matt "msw" Wilson (msw@mstdn.social)'s status on Thursday, 12-Oct-2023 00:48:40 JST Matt "msw" Wilson
This is your regular reminder that CVSSv3 base scores are information-poor, and taken alone are not fit for the purpose of evaluating appropriate actions to take for a given security vulnerability.
I am hoping that CVSSv4 helps improve industry practices. It's badly needed.
#InfoSec #CVSS #CVE
https://csrc.nist.gov/csrc/media/Presentations/2023/update-on-cvss-4-0/jan-25-2023-ssca-dugal-rich.pdf
In conversationabout a year ago from mstdn.socialpermalink
Attachments
1. Untitled attachment

Public

Embed Notice

HTML Code

Corresponding Notice