Expert Comment: FIRST’s CVSS 4.0 vuln scoring standard released this week
November 2023 by Pierre Samson, CRO of Hackuity
The CVSS 4.0 severity rating standard was officially released this week by FIRST, eight years on from CVSS 3.0. The vulnerability scoring standard has been updated to remove ambiguities and to provide more data when rating downstream issues.
Pierre Samson, CRO of Hackuity, points out that “FIRST has announced the release of the CVSS 4.0 Severity rating, eight years from CVSS 3.0, to offer more granularity for consumers. It’s a significant development indicative of the need for enhanced metrics to support businesses in assessing security vulnerabilities.
As threats continue to grow in scale, severity and sophistication, it has become increasingly important for organisations to have the most accurate picture of what threats to prioritise based on their own business context. Given the sheer pace with which new vulnerabilities emerge, understanding these threats against the framework of each business’s individual environment and risk profile will matter more than ever.”