From the course: Vulnerability Management: Assessing the Risks with CVSS v3.1
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Using CVSS scores
From the course: Vulnerability Management: Assessing the Risks with CVSS v3.1
Using CVSS scores
- [Instructor] CVSS scores should seem a little less mysterious now, but you may be asking where can I find them if they already exist and then what do I do with them? If you're using a vulnerability scan engine, like Nessus, you've probably seen a CVSS score in those reports. With some commercial products you may see other vendor specific risk scores and those have their own approach to risk rating. If you don't have a vulnerability scanner or you're just researching publicly disclosed vulnerabilities, you should check the NVD for information about a specific vulnerability, and that includes its CVSS score. You might just run into a situation where you find out about a vulnerability that doesn't have a CVE and isn't in the NVD. When there's no CVE, there won't be a CVSS score. Many times these types of vulnerabilities exist because not all software companies publicly disclose the vulnerabilities in their systems, and…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.