A new version of the Common Vulnerability Scoring System (CVSS) was recently released. The new system provides a more accurate and realistic way to score risk for your organization.
The new release, CVSS 4.0, has some new and interesting additions. What are those differences, you may ask? This article is meant to help you understand the new scoring and gain a better understanding of scoring risks and vulnerabilities.
The major change in CVSS 4.0 is that you can now adjust the severity of a particular vulnerability. That helps organizations further refine the vulnerability score for their specific environment. There were also changes to the base metrics: two more components have been added, one being attack requirements and the other user interaction. The goal was to create a multilayered assessment of vulnerabilities from various business approaches.
New Metrics Added
The previous version of CVSS did not have supply chain risks as a Security Exception. That will not apply to every organization, but it is a tool ready to be used if needed. Prior versions focused on Confidentiality, Integrity, and Availability. To better understand and analyze risk, this version scores vulnerable system confidentiality, integrity, and availability, and also subsequent system confidentiality, integrity, and availability.
Some optional metrics cover whether the vulnerability can be exploited using an automated approach or whether it threatens physical safety. These are called operational technology (OT) and industrial control system (ICS). That allows your organization to have multiple tools assisting with the risk assessment.
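The metric groups described above appear as fields in a CVSS v4.0 vector string. The following Python sketch is an added example, not part of the original article: it validates a vector using the metric abbreviations from the FIRST CVSS v4.0 specification (AT, UI, VC/VI/VA, SC/SI/SA, S, AU) and groups them by role. The function name `parse_cvss4` and the sample vector are constructed for illustration.

```python
# Added example: parse a CVSS v4.0 vector and group the metrics discussed above.
# Metric names and values follow the FIRST CVSS v4.0 specification.
BASE = {  # mandatory base metrics -> allowed one-letter values
    "AV": "NALP", "AC": "LH", "AT": "NP", "PR": "NLH", "UI": "NPA",
    "VC": "HLN", "VI": "HLN", "VA": "HLN",   # vulnerable system impact
    "SC": "HLN", "SI": "HLN", "SA": "HLN",   # subsequent system impact
}
OPTIONAL = {"S": "XNP", "AU": "XNY"}  # supplemental: Safety, Automatable

def parse_cvss4(vector):
    """Validate a CVSS v4.0 vector and return its metrics grouped by role."""
    prefix, *pairs = vector.strip().split("/")
    if prefix != "CVSS:4.0":
        raise ValueError(f"not a CVSS v4.0 vector: {prefix!r}")
    metrics = {}
    for pair in pairs:
        name, sep, value = pair.partition(":")
        if not sep or not value or name in metrics:
            raise ValueError(f"malformed or duplicate metric: {pair!r}")
        allowed = BASE.get(name) or OPTIONAL.get(name)
        # Other threat/environmental/supplemental metrics pass through unchecked.
        if allowed and (len(value) != 1 or value not in allowed):
            raise ValueError(f"invalid value for {name}: {value!r}")
        metrics[name] = value
    missing = [m for m in BASE if m not in metrics]
    if missing:
        raise ValueError(f"missing base metrics: {missing}")
    return {
        "attack_requirements": metrics["AT"],
        "user_interaction": metrics["UI"],
        "vulnerable_system": {m: metrics[m] for m in ("VC", "VI", "VA")},
        "subsequent_system": {m: metrics[m] for m in ("SC", "SI", "SA")},
        "automatable": metrics.get("AU", "X") == "Y",
        "safety_impact": metrics.get("S", "X") == "P",
    }

# Constructed sample vector (not taken from any real advisory).
SAMPLE = ("CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:N"
          "/SC:L/SI:N/SA:H/S:P/AU:Y")

if __name__ == "__main__":
    for key, val in parse_cvss4(SAMPLE).items():
        print(f"{key}: {val}")
```

A CVSS 3.x vector fed to this function is rejected at the prefix check, which is a useful guard when a vulnerability feed mixes scoring versions.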
The updated scoring system will most likely produce higher scores than previous versions. In all, this tool will help ensure not only that your organization is compliant with your RA; it is also a helpful tool for avoiding threats that could disrupt your business. Overall, CVSS 4.0 provides a more granular look to assist in your vulnerability management. Previously it was a more general score; now your team can review your business and ensure its safety and security.