cvss-v31-specification_r1原文信息安全资料 .docxVIP

TLP:WHITE

CommonVulnerabilityScoringSystemversion3.1

SpecificationDocument

Revision1

TheCommonVulnerabilityScoringSystem(CVSS)isanopenframeworkforcommunicatingthecharacteristicsandseverityofsoftwarevulnerabilities.CVSSconsistsofthreemetricgroups:Base,Temporal,andEnvironmental.TheBasegrouprepresentstheintrinsicqualitiesofavulnerabilitythatareconstantovertimeandacrossuserenvironments,theTemporalgroupreflectsthecharacteristicsofavulnerabilitythatchangeovertime,andtheEnvironmentalgrouprepresentsthecharacteristicsofavulnerabilitythatareuniquetoausersenvironment.TheBasemetricsproduceascorerangingfrom0to10,whichcanthenbemodifiedbyscoringtheTemporalandEnvironmentalmetrics.ACVSSscoreisalsorepresentedasavectorstring,acompressedtextualrepresentationofthevaluesusedtoderivethescore.ThisdocumentprovidestheofficialspecificationforCVSSversion3.1.

ThemostcurrentCVSSresourcescanbefoundat/cvss/

CVSSisownedandmanagedbyFIRST.Org,Inc.(FIRST),aUS-basednon-profitorganization,whosemissionistohelpcomputersecurityincidentresponseteamsacrosstheworld.FIRSTreservestherighttoupdateCVSSandthisdocumentperiodicallyatitssolediscretion.WhileFIRSTownsallrightandinterestinCVSS,itlicensesittothepublicfreelyforuse,subjecttotheconditionsbelow.MembershipinFIRSTisnotrequiredtouseorimplementCVSS.FIRSTdoes,however,requirethatanyindividualorentityusingCVSSgiveproperattribution,whereapplicable,thatCVSSisownedbyFIRSTandusedbypermission.Further,FIRSTrequiresasaconditionofusethatanyindividualorentitywhichpublishesscoresconformstotheguidelinesdescribedinthisdocumentandprovidesboththescoreandthescoringvectorsootherscanunderstandhowthescorewasderived.

Contents

1.Introduction3

TLP:WHITE

TLP:WHITE

1.1.Metrics31.2.Scoring52.Base