Common Vulnerability Scoring System (CVSS)

  • The product's documentation (printed or electronic) must state that it uses CVSS and explain relevant details to the users of the product. If external CVSS data is imported into the product, the documentation must state the source.
  • The vendor shall provide documentation and/or procedures that explain how to view software flaws and associated CVSS base scores within the product output.
  • The vendor shall provide documentation and/or procedures that explain how to view the CVSS vector string for all software flaws in the product that have CVSS base scores.
  • The vendor will provide documentation explaining how users can refine CVSS base scores to produce CVSS temporal scores for each CVSS base score provided by the product. Alternatively, the vendor will provide documentation stating that they directly provide temporal scores for the user. It is possible that a product will provide a combination of both approaches.
  • The vendor will provide documentation explaining how users can customize CVSS base scores to produce CVSS environmental scores for each CVSS base score provided by the product.