From the course: Vulnerability Management: Assessing the Risks with CVSS v3.1
Core elements of CVSS v3.1
From the course: Vulnerability Management: Assessing the Risks with CVSS v3.1
Core elements of CVSS v3.1
- [Instructor] CVSS scores are a common language to communicate the risks posed by vulnerabilities. The CVSS risk formula consists of three key metrics, base, temporal, and environmental. Base metrics are the characteristics of a vulnerability that do not change and are not dependent on any factors beyond the vulnerability itself. This includes things like how a vulnerability can be exploited, either locally or over a remote connection. Temporal metrics are the things about a vulnerability that change over time. This includes the existence of a publicly known exploit and whether or not an official patch for the vulnerability exists. Environmental metrics are characteristics of the system on which the vulnerability exists. That's things like what element or elements of the CIA triad of confidentiality, integrity, and availability matter the most. And this is where a company knowledge is key. You'll learn more about each of these elements in depth as we embark on a project to analyze vulnerabilities identified in systems at Red30. Red30 is a technology solutions provider and as such, vulnerability management is integral to supporting Red30's mission of providing technology and business-driven solutions to our customers.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.