Prioritize the vulnerabilities in your environment using the Common Vulnerability Scoring System (CVSS). Learn how to apply CVSS scores to effectively assess risk.
- [Lora] So, you just ran your first vulnerability scan in your environment and the results, they're a little bit overwhelming. You probably have hundreds, maybe even thousands, of vulnerabilities in that report. So, I guess it's just time to start checking them off one by one, right? But here's the problem. Even if you manage to get through the entire list, tomorrow there's going to be brand-new vulnerabilities that show up. No matter what, it's impossible to have all vulnerabilities taken care of. Why? Well, software is written by humans. There's always going to be a bug. Even in software that's existed for decades, new flaws are discovered every single day. That means every system, every single piece of software your company uses might just have vulnerabilities lurking beneath the surface. At the end of the day, the only way to do this job well is to prioritize the vulnerabilities that have the highest potential impact to your environment. And the most widely used methodology for assessing that risk is the Common Vulnerability Scoring System, or CVSS. In this course, we'll cover the most important parts of CVSS, base, temporal, and environmental metrics, and look at some techniques you can use to figure out what to fix first. Along the way, I'll provide some real-world examples and challenges to help you test your knowledge. I'm Lora Vaughn. I'm a cybersecurity executive with over 15 years of experience in lots of areas, including vulnerability management. Figuring out what to fix first can be a challenge, but CVSS is a great tool to help you get started. So join me on my LinkedIn Learning course, as we start chipping away at the massive problem of vulnerability management, and that way your environment's more secure and less likely to get hacked.