VISS: A New Framework for Assessing Vulnerability Impact in Cybersecurity
The Common Vulnerability Scoring System (CVSS) has been the primary tool used by organizations to evaluate the severity of security vulnerabilities since its inception in 2005. However, this system has limitations, particularly in its lack of consideration for contextual and environmental factors. In response, Zoom has developed a new framework called the Vulnerability Impact Scoring System (VISS). In this article, we are going to understand the difference between the two.
Common Vulnerability Scoring System (CVSS)
The Common Vulnerability Scoring System (CVSS) captures technical characteristics of vulnerabilities and generates numerical scores to indicate their severity.
CVSS assigns a numerical score to describe the severity of vulnerabilities, making it easier for organizations to prioritize remedial actions based on these standard metrics.
Here is what the CVSS calculator looks like
The system of measuring the impact of vulnerabilities, known as CVSS, has been widely adopted and updated several times, with the latest…
