CVSS
The Common Vulnerability Scoring System ( literally translated: " Usual vulnerability assessment system " ), abbreviated CVSS is an industry standard to describe the severity of security vulnerabilities in computer systems. In CVSS vulnerabilities are based on various criteria, so-called metrics, evaluated and compared with each other, so that a list of priorities for remedial action can be created. CVSS is not itself a system for warning of vulnerabilities but a standard to make different description and measurement systems compatible with each other and intelligible.
CVSS was commissioned by the National Infrastructure Advisory Council ( NIAC ), a working group of the U.S. Department of Homeland Security, commissioned in 2005 and is currently managed by the Forum of Incident Response and Security Teams. The current chair of the working group CVSS -SIG team has David Ahmad Symantec. In the development of CVSS are involved: CERT, Cisco, DHS / MITRE, eBay, IBM, Microsoft, Qualys, Symantec. CVSS is further supported by HP, McAfee, Oracle, and Skype. The current version of CVSS version 2 was introduced to the public for the first time in June 2007.