Inconsistencies in the Common Vulnerability Scoring System (CVSS) are revealed in a recent study. The study shows that evaluations of vulnerabilities often differ among analysts, raising questions about the consistency of CVSS assessments. Factors influencing these evaluations are also explored. Despite the inconsistencies, CVSS is still seen as a useful tool for vulnerability assessment. Recommendations for improving scoring consistency are provided. #CVSS #vulnerabilities #security

https://www.schneier.com/blog/archives/2023/09/inconsistencies-in-the-common-vulnerability-scoring-system-cvss.html