N7x@infosec.pub to appsec@infosec.pubEnglish · 1 year agoFeedback open until 31 of August for CVSS 4.0www.first.orgexternal-linkmessage-square2fedilinkarrow-up12arrow-down10cross-posted to: cybersecurity@infosec.pubcybersecurity@infosec.pub
arrow-up12arrow-down1external-linkFeedback open until 31 of August for CVSS 4.0www.first.orgN7x@infosec.pub to appsec@infosec.pubEnglish · 1 year agomessage-square2fedilinkcross-posted to: cybersecurity@infosec.pubcybersecurity@infosec.pub
minus-squaremwguy@infosec.publinkfedilinkEnglisharrow-up1·1 year agoI get why they’re doing it. But the truth is that there are still places using CVSS 2.0 to grade their vulnerabilities. The switch to CVSS 4.0 is going to take forever unless there’s some conversion logic from 3->4.
minus-squareN7x@infosec.pubOPlinkfedilinkEnglisharrow-up1·1 year agoThat’s kind of legacy debt at some point. I understand why they still want to move towards evolving the standard
I get why they’re doing it. But the truth is that there are still places using CVSS 2.0 to grade their vulnerabilities. The switch to CVSS 4.0 is going to take forever unless there’s some conversion logic from 3->4.
That’s kind of legacy debt at some point. I understand why they still want to move towards evolving the standard