Security researchers at F5 monitor web traffic 24/7 at locations around the world and the F5 Security Incident Response Team (SIRT) helps customers tackle incident response in real time. And when they find a new vulnerability, it’ll often get a Common Vulnerability & Exposures number like CVE-2019-1105 for the ‘Outlook for Android Spoofing Vulnerability’.
Created in 1999, the CVE provides definitions for all publicly known cybersecurity vulnerabilities and exposures. So, gimmie 90 Seconds to understand a little bit about the Common Vulnerability & Exposures.
Now that we’ve looked at how vulnerabilities become CVEs, let’s explain how a CVE gets scored.
The Common Vulnerability Scoring System or CVSS was introduced in 2005 as an open framework for communicating the characteristics and severity of software vulnerabilities. It consists of three metric groups: Base, Temporal, and Environmental. Once again, let’s start the clock to understand a little bit about the Common Vulnerability Scoring System.