https://groups.google.com/a/list.nist.gov/g/nvd-news/c/sJmF-2XIA80?pli=1
#nist #cvss4
cve.threatint.com is a FREE service that contains information on publicly disclosed cybersecurity vulnerabilities based on data from the CVE® Program.
The new version adds support for CVSS 4.0.
We heard our European customers' complaints about the official CVE platform's poor availability and mediocre user experience. That's why we decided to roll out our own service. Our goal is to provide a simplistic UI with strong search capabilities. Give it a try and let us know what you think!
If you're happy with cve.org and/or need the additional information available on nvd.nist.gov, keep using those platforms; there is no need to switch to us! If you view a CVE on our platform, you'll even find a link to the entry on cve.org and nvd.nist.gov at the bottom of every page.
Microsoft officially adopted #CWE. I wonder if they'll also start doing #CVSS4 soon then? https://msrc.microsoft.com/blog/2024/04/toward-greater-transparency-adopting-the-cwe-standard-for-microsoft-cves/
The #CVSS4 course of @firstdotorg is not accessible for people with disabilities. iframe text cannot be copied.
"Revolutionizing Vulnerability Management: Introducing CVSS 4.0 🚀"
The cybersecurity realm takes a significant leap with the release of CVSS 4.0 by FIRST. This new framework enhances precision in vulnerability assessments, especially for OT/ICS/IoT environments, and introduces new metrics like Automatable and Recovery. A game-changer for security professionals! 🛡️💡
Common Vulnerability Scoring System Version 4.0 (CVSS v4.0) is an updated standard for assessing the severity of security vulnerabilities. Unlike its predecessor, CVSS v4.0 emphasizes that it comprises not only the Base score but also incorporates additional factors.
CVSS v4.0 introduces new terminology, such as CVSS-B, CVSS-BT, CVSS-BE, and CVSS-BTE, to represent various combinations of scores. It provides more precise details with the introduction of new Base metrics like Attack Requirements (AT) and User Interaction (UI) values (Passive and Active).
The impact assessment is refined, separating the impact on Vulnerable Systems and Subsequent Systems. Temporal metrics are now part of the Threat metric group, simplifying the assessment. Remediation Level (RL) and Report Confidence (RC) have been retired, replaced by clearer values in Exploit Maturity (E).
A new Supplemental Metric Group adds extrinsic attributes like Safety, Automatability, Recovery, Value Density, Vulnerability Response Effort, and Provider Urgency. CVSS v4.0 also places more emphasis on Operational Technology (OT), Industrial Control Systems (ICS), and Safety, with assessments for Consumer-assessed Safety and Provider-assessed Safety.
CVSS v4.0 enhances the precision and comprehensiveness of vulnerability assessments, making it a valuable tool for evaluating and prioritizing security risks.
Source: BleepingComputer
Tags: #CVSS4 #Cybersecurity #VulnerabilityManagement #FIRST #OT #ICS #IoT #SecurityProfessionals #InfoSec
Author: Sergiu Gatlan - Reach out on Twitter
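An added example, not part of the original post: a small Python check that reads a CVSS v4.0 vector string and reports which of the CVSS-B / CVSS-BT / CVSS-BE / CVSS-BTE labels applies, plus any Supplemental metrics it carries. The function name `classify` and the sample vector are constructed for illustration; the metric abbreviations and value letters follow the FIRST CVSS v4.0 specification.

```python
# Metric abbreviations and allowed Base values per the CVSS v4.0 specification.
BASE = {"AV": "NALP", "AC": "LH", "AT": "NP", "PR": "NLH", "UI": "NPA",
        "VC": "HLN", "VI": "HLN", "VA": "HLN",   # impact on the Vulnerable System
        "SC": "HLN", "SI": "HLN", "SA": "HLN"}   # impact on Subsequent Systems
THREAT = {"E"}                                   # Exploit Maturity (RL and RC are retired)
ENVIRONMENTAL = {"CR", "IR", "AR"} | {"M" + m for m in BASE}
SUPPLEMENTAL = {"S", "AU", "R", "V", "RE", "U"}
KNOWN = set(BASE) | THREAT | ENVIRONMENTAL | SUPPLEMENTAL


def classify(vector):
    """Return (nomenclature, supplemental_metrics) for a CVSS v4.0 vector.

    Checks the prefix, rejects unknown or repeated metrics and validates
    every mandatory Base metric. Metric ordering and the value sets of the
    optional groups are not checked here.
    """
    prefix, _, rest = vector.partition("/")
    if prefix != "CVSS:4.0":
        raise ValueError("not a CVSS v4.0 vector")
    metrics = {}
    for part in rest.split("/"):
        key, sep, value = part.partition(":")
        if not sep or not value or key in metrics:
            raise ValueError(f"malformed or repeated metric: {part!r}")
        if key not in KNOWN:
            raise ValueError(f"unknown metric: {key}")
        metrics[key] = value
    for key, allowed in BASE.items():
        if metrics.get(key) not in set(allowed):
            raise ValueError(f"missing or invalid Base metric: {key}")
    # A metric set to X (Not Defined) counts as not supplied.
    defined = {k for k, v in metrics.items() if v != "X"}
    name = ("CVSS-B" + ("T" if defined & THREAT else "")
            + ("E" if defined & ENVIRONMENTAL else ""))
    # Supplemental metrics are reported but never change the label.
    supplemental = {k: metrics[k] for k in sorted(defined & SUPPLEMENTAL)}
    return name, supplemental


if __name__ == "__main__":
    # Constructed sample vector, not taken from any real CVE record.
    sample = ("CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H"
              "/SC:N/SI:N/SA:N/E:P/CR:H/S:P/AU:Y")
    print(classify(sample))
```

A v3.1-style value such as `UI:R` is rejected, because v4.0 only accepts None, Passive and Active for User Interaction.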
In an era of rapidly evolving cyber threats, the strategic integration of CVSS 4.0 and Cyberfame offers a promising defense. But how do we effectively harness this potent toolkit for supply chain security?
🔒 Let's conquer these challenges together! Stay in the loop with #Cybersecurity, #SupplyChainSecurity, #CVSS4, #Cyberfame, #ThreatManagement.
@campuscodi Interesting, Thanks for sharing! Looking forward to digging deeper into #CVSS4