Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

Common Vulnerability Scoring System (CVSS) Requirements

  • CVSS.R.1 The product's documentation (printed or electronic) must state that it uses CVSS and explain relevant details to the users of the product. If external CVSS data is imported into the product, the documentation must state the source.
  • The vendor shall provide documentation and/or procedures that explain how to view software flaws and associated CVSS base scores within the product output.
  • The vendor shall provide documentation and/or procedures that explain how to view the CVSS vector string for all software flaws in the product that have CVSS base scores.
  • The vendor will provide documentation explaining how users can refine CVSS base scores to produce CVSS temporal scores for each CVSS base score provided by the product. Alternately, the vendor will provide documentation stating that they directly provide temporal scores for the user. It is possible that a product will provide a combination of both approaches.

...

General overview of CVSS and how Security Analysis leverages this standard can be found here