Scroll Top

What is the New Version of CVSS 4.0 all about?

What is the New Version of CVSS 4.0 all about?
Screenshot 2023-11-20 at 1.33.01 PM
1
By Jose Reyes Cyber Crime Hacking Attacks IT Assessment IT Audit Security Blog November 20, 2023

Recently a new version of the Common Vulnerability Scoring System has been updated. The new system will provide a more accurate way to score your risk assessment for your organization more realistic.

The new release of CVSS 4.0 has some new and interesting additions. What are those difference, you may ask? This article is meant to help understand the new scoring and have a better understanding of scoring risks and vulnerabilities.  

The major changes to CVSS 4.0 are that now you can adjust the severity of a particular vulnerability. That helps in further refine the vulnerability score to their specific environment.  Also, there were changes to the base metric. They have now added two more components. One being attack requirements and the other user interaction.  The goal was to create a multilayered assessment of vulnerabilities from various business approaches.

New Metrics Added

The previous version of CVSS did not have supply chain risks as a Security Exception. Which is not always going to apply to every organization, however it is a tool ready to be used in case. while Prior versions focused on Confidentiality, Integrity, and Availability. This version better understands and analyze risk, vulnerable system confidentiality, integrity, and availability. Also, subsequent system confidentiality and the same two as before.  

Some optional metrics include if the vulnerability can be exploited using an automated approach or if it threatens physical safety. These are called operational technology (OT) and industrial control system (ICS).  That allows your organization to have multiple tools assisting with the risk assessment.  

The updated scoring system most likely will produces higher scores than previous versions. In all this tool will assist you in ensuring that not only is your organization compliant with your RA. It is also a helpful tool to avoid any threats to disrupt your business.  Overall CVSS 4.0 provides a more granular look to assist in your vulnerability management. Previously it was a more general score, now your team can review your business and ensure it safety and security.  

1
Jose Reyes / About Author
I am currently pursuing my Bachelor's degree in Cybersecurity and Information Assurance, driven by a passion for protecting digital assets and ensuring data integrity in our interconnected world. As an intern at Top Gallant Partners, I am gaining hands-on experience in cybersecurity practices, further enhancing my understanding of threat detection, risk assessment, and security management.
With coursework focusing on network security, cryptography, ethical hacking, and incident response, I am equipped with the skills needed to address the complex challenges facing organizations today.
More posts by Jose Reyes
Our website uses cookies from third party services to improve your browsing experience. Read more about this and how you can control cookies by clicking "Privacy Preferences".
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.
Privacy Policy
You have read and agreed to our privacy policy
Required