Common Vulnerability Scoring System (CVSS) Requirements
- CVSS.R.1 The product's documentation (printed or electronic) must state that it uses CVSS and explain relevant details to the users of the product. If external CVSS data is imported into the product, the documentation must state the source.
A general overview of CVSS and how Security Analysis leverages this standard can be found here.
CVSS + CVE Requirements
- The vendor shall provide documentation explaining where the NVD CVSS base scores and vector strings can be located with the corresponding CVE ID. The vendor may optionally provide the tester information on how the product can be updated with new NVD CVSS base scores and vector strings prior to testing.