IT Learning | Security | CVSS
Everything might be not exactly correct in this article but it’s very useful for beginners to understand IT terms. If you want to learn IT but you don’t have any experiences to work in IT industries, I wish it helps you to understand IT and you like to study IT more.
What is CVSS?
- The scoring way to evaluate how much dangerous a vulnerability is.
- CVSS is provided by IPA.
- You can standardize all vulnerability’s impacts with CVSS.
- CVSS is an abbreviation for Common Vulnerability Scoring System
1. Definition
The Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities. CVSS attempts to assign severity scores to vulnerabilities, allowing responders to prioritize responses and resources according to threat. Scores are calculated based on a formula that depends on several metrics that approximate ease of exploit and the impact of exploit. Scores range from 0 to 10, with 10 being the most severe. While many utilize only the CVSS Base score for determining severity, temporal and environmental scores also exist,
Common Vulnerability Scoring System – Wikipedia
to factor in availability of mitigations and how widespread vulnerable systems are within an organization, respectively.
CVSS is provided by IPA, whose score reflects the impact of threat caused by vulnerabilities.
2. IPA and Vulnerability
What is IPA?
IPA is kind of the national organization which promote enhancing IT levels in Japan.
IPA is also known as organizing the exam for national IT certificate.
What is “Vulnerability”?
“Vulnerability” is kind of the defect of IT systems, such as software problems, weaknesses, lack of design consideration.
3. Common Vulnerability Scoring System
CVSS is an abbreviation for Common Vulnerability Scoring System.
Common
the same in a lot of places or for a lot of people
https://dictionary.cambridge.org/dictionary/english/common
Vulnerability
the quality of being vulnerable (= able to be easily hurt, influenced, or attacked), or something that is vulnerable
https://dictionary.cambridge.org/dictionary/english/vulnerability
Common + vulnerability + scoring + system = Common system of scoring vulnerabilities
4. Example of CVSS
Here is an example of CVSS with the story of pirates.
There are the god and pirates.
The god wants to rule the world, and pirates also wants to rule the same world.
The bounty of the god is evaluated his threat with Extol which is the currency of his world.
The bounty of the pirates are evaluated his threat with Gold which is the currency of other world.
Then people in their world wonder which is more big threat to them.
They can’t compare with it because they are evaluated with the different currency.
They need the common currency.
It’s like you can’t compare with 10 kilograms and 10 meters.
IPA provides the standard how to measure the severity of vulnerabilities as a score.
That Score is calculated based on a formula that depends on several metrics that approximate ease of exploit and the impact of exploit. You can check the details with following sites.
共通脆弱性評価システムCVSS概説:IPA 独立行政法人 情報処理推進機構
Common Vulnerability Scoring System – Wikipedia
- The god is 500,000,000 berries.
- The pirates are 8,000,000,000 berry.
And now you can see which is more dangerous, yes Pirates! All you should do is just comparing with their scores.
And high number is a high risk.
5. Related Information
Related Articles
IT Learning | Security | Malware | Japan Teams
IT Learning | Security | IDS | Japan Teams
IT Learning | Security | Firewall – Saving Alabasta | Japan Teams
Other Source Information
IPA Information-technology Promotion Agency, Japan
fin
|
|
![[商品価格に関しましては、リンクが作成された時点と現時点で情報が変更されている場合がございます。]](https://hbb.afl.rakuten.co.jp/hgb/20d40c62.15e03a9d.20d40c63.d18c16aa/?me_id=1213310&item_id=19839865&pc=https%3A%2F%2Fthumbnail.image.rakuten.co.jp%2F%400_mall%2Fbook%2Fcabinet%2F1696%2F9784088821696.jpg%3F_ex%3D240x240&s=240x240&t=picttext "[商品価格に関しましては、リンクが作成された時点と現時点で情報が変更されている場合がございます。]")
|
|
![[商品価格に関しましては、リンクが作成された時点と現時点で情報が変更されている場合がございます。]](https://hbb.afl.rakuten.co.jp/hgb/20d1464f.c769ffca.20d14650.9140783f/?me_id=1280779&item_id=10005763&pc=https%3A%2F%2Fthumbnail.image.rakuten.co.jp%2F%400_mall%2Ftenten-store%2Fcabinet%2Fimg06%2Fgrandi-zro.jpg%3F_ex%3D240x240&s=240x240&t=picttext "[商品価格に関しましては、リンクが作成された時点と現時点で情報が変更されている場合がございます。]")
