{"id":55502,"date":"2022-08-17T09:18:39","date_gmt":"2022-08-17T01:18:39","guid":{"rendered":"https:\/\/version-2.com\/?p=55502"},"modified":"2022-09-01T14:10:00","modified_gmt":"2022-09-01T06:10:00","slug":"how-the-common-vulnerability-scoring-system-is-used-and-should-you-rely-on-it","status":"publish","type":"post","link":"https:\/\/version-2.com\/zh\/2022\/08\/how-the-common-vulnerability-scoring-system-is-used-and-should-you-rely-on-it\/","title":{"rendered":"How the Common Vulnerability Scoring System Is Used (And Should You Rely on It?)"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

\n<\/p>\n\n

Amid the chaos on the world stage, the macroeconomic backdrop is full of uncertainties. But there is one thing we\u2019re absolutely certain of: cybersecurity solutions will become much more prominent over the next few months and years as global cyberwarfare sets the stage for cybersecurity\u2019s permanent elevation at both the national and corporate levels. <\/p>

Companies and governments are being hacked mercilessly in 2022. Even cybersecurity giants such as Entrust are being breached. The firm revealed that parts of its system were hacked on June 18. Before that, Okta was hit, impacting more than 366 of its corporate customers.<\/p>

That\u2019s just scratching the surface amid a sea change where cybersecurity solutions go from \u201coptional\u201d to \u201cnecessary.\u201d This shift is starting today, but it will play out over the next several years. As it does, global cybersecurity spending will substantially accelerate. So will the need to understand the Common Vulnerability Scoring System (CVSS<\/strong>).<\/p>

Let\u2019s explore how the scoring system works and even how it doesn\u2019t <\/em>work.<\/p>

What Is CVSS<\/strong><\/h3>

The Common Vulnerability Scoring System is a scoring system for vulnerabilities created by FIRST.org<\/a>. CVSS communicates the severity of vulnerabilities through three top-level metrics: base<\/strong>, temporal<\/strong>, and environmental:<\/strong>  <\/p>

Base Metrics<\/strong><\/h4>

On the base level, you\u2019ll see a score that ranges from 0-10 (but can be modified by scores in the other categories). Base factors, in a nutshell, represent the characteristics of the vulnerability. Base CVSS scores are readily available, as enterprises can use them as a starting point to prioritize threats. <\/p>

CVSS can create a pathway to accurate and consistent vulnerability scoring, which is why it’s used as the standard of measurement. Right now, CVSSv3.1 is used the most, although not everyone has kind things to say about it (we\u2019ll get to that in a bit). <\/p>

For now, let\u2019s focus on how CVSS works, starting with its scoring methodology which runs from 0.0 to 10.0 in 0.1 increments. <\/p>

As a system, the two most prevalent use cases are in 1) calculating and ranking threats based on severity of impact to your system environment<\/em>, and 2) prioritizing which vulnerabilities to remediate first<\/em>.<\/p>

This is where it gets complex. For instance, CVSSv3.1 uses an \u201cAccess Vector\u201d to represent vuln severity as a function of how difficult it is to connect to a system in a targeted environment. <\/p>

Let\u2019s unpack that by considering two situations: one in which many thousands are running that system through a network, and a second in which very few are running a system that requires physical adjacency to exploit. The second situation would score as less severe than the situation reliant on network access. <\/p>

But there are many variables to consider. For example, the Access Vector variables include network, adjacent, local, and physical. And there are many more levels, which we will explore in future CVSS articles.<\/p>

The important part to focus on is the permutations of scores. That is, is there a unique score for every possible variable combination? In short, no. There are roughly 101 values to map variable levels to, and more than 2,000 possible variables.<\/p>

Further, CVSS base metrics comprise three subscores: exploitability<\/strong>, scope<\/strong>, and impact<\/strong>. Within these subscores are several more sub-components, which differ depending on the subscore. For instance, the \u201cimpact\u201d score focuses on what outcome could be achieved by a successful exploit, and leverages confidentiality (how much data the attacker has access to), integrity (the ability of the attacker to edit data), and availability (whether it impacts use of systems for a large or small number of users). <\/p>

Temporal Metrics<\/strong><\/h4>

There are also \u201ctemporal\u201d metrics that can change over time. As such, they\u2019re intended to measure how exploitable a vulnerability is right now and the availability of remediating factors. As such, CVSS temporal metrics contain several sub-levels, including the following:<\/p>

  • Exploit code maturity: how stable\/mature is the code used to exploit a particular vulnerability.<\/li>
  • Remediation level: how widely available are patches and other workarounds over time.<\/li>
  • Report confidence: the validity of the vulnerability and its exploit.<\/li><\/ul>

    Environmental Metrics<\/strong><\/h4>

    With environmental metrics, the score essentially modifies the base group depending on a particular enterprise\u2019s characteristics that may increase or decrease the severity of a particular vulnerability. The sub-levels that make up the environmental group are as follows:<\/p>

    • Modified base metrics: Organizations with compensating or mitigating controls are taken into consideration here. For example, is the vuln within a firewall-protected server? Is it within an unused, unconnected server? Or is it within an internet-connected server with public exposure? The latter is of the most severe consequence relative to the former two.<\/li>
    • Security requirements: These measure an asset\u2019s \u201cbusiness criticality\u201d in terms such as \u201cconfidentiality,\u201d \u201cintegrity,\u201d and \u201cavailability.\u201d Confidentiality refers to whether information can be hidden from unauthorized users. Integrity refers to an ability to protect information from being altered. Availability means how accessible information is to authorized users. <\/li><\/ul>

      Acknowledging that we\u2019re only scratching the surface of what CVSS is and how it\u2019s used to prioritize exploits, we\u2019d be remiss not to mention how limited the base score is in accounting for real-world exploits and other mitigating factors.<\/p>

      CVSS Criticisms<\/strong><\/h3>

      Common Vulnerability Scoring System criticisms generally comprise two groups, which include criticisms to CVSS as a risk-identifying method and criticisms to CVSS as a scoring system. Let\u2019s get into some specific complaints\u2026<\/p>

      1. The Attack Vector is not well-defined.<\/strong> For example, paradoxes arise when you consider the vulnerability state of a PDF, as it shows up as \u201clocal\u201d if downloaded and opened in a browser, but shows up as \u201cnetwork\u201d if it immediately opens in a browser.<\/li>
      2. The Attack Complexity criteria overlaps with the Temporal score.<\/strong> Changes over time are meant to be isolated by the Temporal score; however, the base score tends to evolve as an exploit moves from hypothesis to the real world. That\u2019s only supposed to happen in the Temporal score. <\/li>
      3. The concept of \u201cScope\u201d is confusing.<\/strong> This is because different equations are used depending on which Scope level is at risk.<\/li>
      4. \u201cHigh\u201d and \u201clow\u201d levels of granularity for Attack Complexity are insufficient.<\/strong> Compare that to CVSSv2, which had three levels of \u201cAccess Complexity.\u201d <\/li>
      5. CVSSv3.1 consistently scores higher than version 2.<\/strong> This inflates the workload for admins.<\/li><\/ol>

        These are just among some of the many criticisms of CVSS, but there are others to be found. <\/p>

        Perhaps the most important criticism lies in how scoring systems should make up how you prioritize threats but should not be the only part. <\/p>

        As such, many enterprises misuse CVSS as a ranking of risk. For example, CVSS fails to account for much of the context for vulnerabilities, such as how they can be chained, nor does it assess impact in a way that makes sense for how people might be affected by a vulnerability.<\/p>

        The Future of CVSS<\/strong><\/h3>

        Criticisms or not, dissent is what leads to improvements down the line, which we\u2019ll very likely see in the next iteration of CVSS. However, from what I\u2019ve been able to glean from my readings, CVSSv4 will likely not depart from predecessors in a meaningful way. That is, its core construction will remain in place, and many of its proposed changes mostly comprise the tweaking\/adding of variables and their values.<\/p>

        As we head into the future, and as every datapoint and workflow in the world exists on a computer somewhere, securing those systems via cybersecurity solutions will become increasingly vital. In other words, a once-niche industry has blossomed into a burgeoning, $150-plus billion business that constitutes dozens of multi-billion-dollar companies.<\/p>

        To date, this industry has experienced astonishing growth. But it is nothing compared to what will come over the next decade.<\/p>

        The COVID-19 pandemic accelerated the global digital adoption. Such an acceleration sparked a surge in the volume of digital data and workflows in need of security. And in response to that surge, countries and companies alike significantly upped their spending on cybersecurity systems in 2021.<\/p>

        But the conflict in Eastern Europe has added a ton more fuel to the fire.<\/p>

        The reality is that the war between Russia and Ukraine (or, perhaps increasingly more accurately, the rest of the world) has emphasized that modern warfare<\/strong> is cyberwarfare<\/em><\/strong>.<\/p>

        And it will only escalate from here.<\/p>

        As it does, so will the need for education around scoring systems, and how to best use them in context with your enterprise\u2019s specific environment. For instance, we use several scoring systems to set a baseline for criticality, but it\u2019s important to consider how that score may change depending on your enterprise. <\/p>

        A lot of vulnerability management companies do not consider such context, and that\u2019s a huge mistake. We\u2019re hopeful that the next iteration of CVSS addresses such limitations… but even so, it will always remain important to a degree to consider specific contexts and adjust how your threats should be prioritized.<\/p>

        #vicarius_blog #CVSS #vulnerabilitymanagement #vulnerabilities<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

        \n\t\t\t\t
        \n\t\t\t\t\t\t\t
        \t\t
        \n\t\t\t\t\t\t
        \n\t\t\t\t\t\t
        \n\t\t\t\t\t
        \n\t\t\t
        \n\t\t\t\t\t\t
        \n\t\t\t\t
        \n\t\t\t\t\t

        About Version 2 Digital<\/h3>

        Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.\n

        \nThrough an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\n\t\t

        \n\t\t\t\t\t\t
        \n\t\t\t\t\t\t
        \n\t\t\t\t\t
        \n\t\t\t
        \n\t\t\t\t\t\t
        \n\t\t\t\t
        \n\t\t\t\t\t\t\t\t\t

        <\/p>\n

        About VRX<\/b>
        VRX <\/b>is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

        Amid the chaos on the world stage, the macroeconomic ba […]<\/p>\n","protected":false},"author":143524195,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[476,488,61],"tags":[477,489],"class_list":["post-55502","post","type-post","status-publish","format-standard","hentry","category-vrx","category-488","category-press-release","tag-vrx","tag-489"],"acf":[],"yoast_head":"\nHow the Common Vulnerability Scoring System Is Used (And Should You Rely on It?) - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.vicarius.io\/blog\/how-the-common-vulnerability-scoring-system-is-used-and-should-you-rely-on-it\" \/>\n<meta property=\"og:locale\" content=\"zh_HK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How the Common Vulnerability Scoring System Is Used (And Should You Rely on It?) - Version 2\" \/>\n<meta property=\"og:description\" content=\"Amid the chaos on the world stage, the macroeconomic ba […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.vicarius.io\/blog\/how-the-common-vulnerability-scoring-system-is-used-and-should-you-rely-on-it\" \/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-17T01:18:39+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-09-01T06:10:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl6wdf1oy3db20ljl621ufcpt.jpg\" \/>\n<meta name=\"author\" content=\"version2hk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"version2hk\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9810\u8a08\u95b1\u8b80\u6642\u9593\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 \u5206\u9418\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/how-the-common-vulnerability-scoring-system-is-used-and-should-you-rely-on-it#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/08\\\/how-the-common-vulnerability-scoring-system-is-used-and-should-you-rely-on-it\\\/\"},\"author\":{\"name\":\"version2hk\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\"},\"headline\":\"How the Common Vulnerability Scoring System Is Used (And Should You Rely on It?)\",\"datePublished\":\"2022-08-17T01:18:39+00:00\",\"dateModified\":\"2022-09-01T06:10:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/08\\\/how-the-common-vulnerability-scoring-system-is-used-and-should-you-rely-on-it\\\/\"},\"wordCount\":1515,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/how-the-common-vulnerability-scoring-system-is-used-and-should-you-rely-on-it#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cl6wdf1oy3db20ljl621ufcpt.jpg\",\"keywords\":[\"vRx\",\"2022\"],\"articleSection\":[\"vRx\",\"2022\",\"Press Release\"],\"inLanguage\":\"zh-HK\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/08\\\/how-the-common-vulnerability-scoring-system-is-used-and-should-you-rely-on-it\\\/\",\"url\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/how-the-common-vulnerability-scoring-system-is-used-and-should-you-rely-on-it\",\"name\":\"How the Common Vulnerability Scoring System Is Used (And Should You Rely on It?) - Version 2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/how-the-common-vulnerability-scoring-system-is-used-and-should-you-rely-on-it#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/how-the-common-vulnerability-scoring-system-is-used-and-should-you-rely-on-it#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cl6wdf1oy3db20ljl621ufcpt.jpg\",\"datePublished\":\"2022-08-17T01:18:39+00:00\",\"dateModified\":\"2022-09-01T06:10:00+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/how-the-common-vulnerability-scoring-system-is-used-and-should-you-rely-on-it#breadcrumb\"},\"inLanguage\":\"zh-HK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/how-the-common-vulnerability-scoring-system-is-used-and-should-you-rely-on-it\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/how-the-common-vulnerability-scoring-system-is-used-and-should-you-rely-on-it#primaryimage\",\"url\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cl6wdf1oy3db20ljl621ufcpt.jpg\",\"contentUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cl6wdf1oy3db20ljl621ufcpt.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/how-the-common-vulnerability-scoring-system-is-used-and-should-you-rely-on-it#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How the Common Vulnerability Scoring System Is Used (And Should You Rely on It?)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"zh-HK\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\",\"name\":\"version2hk\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"caption\":\"version2hk\"},\"sameAs\":[\"http:\\\/\\\/version2xfortcom.wordpress.com\"],\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/author\\\/version2hk\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How the Common Vulnerability Scoring System Is Used (And Should You Rely on It?) - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.vicarius.io\/blog\/how-the-common-vulnerability-scoring-system-is-used-and-should-you-rely-on-it","og_locale":"zh_HK","og_type":"article","og_title":"How the Common Vulnerability Scoring System Is Used (And Should You Rely on It?) - Version 2","og_description":"Amid the chaos on the world stage, the macroeconomic ba […]","og_url":"https:\/\/www.vicarius.io\/blog\/how-the-common-vulnerability-scoring-system-is-used-and-should-you-rely-on-it","og_site_name":"Version 2","article_published_time":"2022-08-17T01:18:39+00:00","article_modified_time":"2022-09-01T06:10:00+00:00","og_image":[{"url":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl6wdf1oy3db20ljl621ufcpt.jpg","type":"","width":"","height":""}],"author":"version2hk","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"version2hk","\u9810\u8a08\u95b1\u8b80\u6642\u9593":"8 \u5206\u9418"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.vicarius.io\/blog\/how-the-common-vulnerability-scoring-system-is-used-and-should-you-rely-on-it#article","isPartOf":{"@id":"https:\/\/version-2.com\/2022\/08\/how-the-common-vulnerability-scoring-system-is-used-and-should-you-rely-on-it\/"},"author":{"name":"version2hk","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db"},"headline":"How the Common Vulnerability Scoring System Is Used (And Should You Rely on It?)","datePublished":"2022-08-17T01:18:39+00:00","dateModified":"2022-09-01T06:10:00+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/2022\/08\/how-the-common-vulnerability-scoring-system-is-used-and-should-you-rely-on-it\/"},"wordCount":1515,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"image":{"@id":"https:\/\/www.vicarius.io\/blog\/how-the-common-vulnerability-scoring-system-is-used-and-should-you-rely-on-it#primaryimage"},"thumbnailUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl6wdf1oy3db20ljl621ufcpt.jpg","keywords":["vRx","2022"],"articleSection":["vRx","2022","Press Release"],"inLanguage":"zh-HK"},{"@type":"WebPage","@id":"https:\/\/version-2.com\/2022\/08\/how-the-common-vulnerability-scoring-system-is-used-and-should-you-rely-on-it\/","url":"https:\/\/www.vicarius.io\/blog\/how-the-common-vulnerability-scoring-system-is-used-and-should-you-rely-on-it","name":"How the Common Vulnerability Scoring System Is Used (And Should You Rely on It?) - Version 2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.vicarius.io\/blog\/how-the-common-vulnerability-scoring-system-is-used-and-should-you-rely-on-it#primaryimage"},"image":{"@id":"https:\/\/www.vicarius.io\/blog\/how-the-common-vulnerability-scoring-system-is-used-and-should-you-rely-on-it#primaryimage"},"thumbnailUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl6wdf1oy3db20ljl621ufcpt.jpg","datePublished":"2022-08-17T01:18:39+00:00","dateModified":"2022-09-01T06:10:00+00:00","breadcrumb":{"@id":"https:\/\/www.vicarius.io\/blog\/how-the-common-vulnerability-scoring-system-is-used-and-should-you-rely-on-it#breadcrumb"},"inLanguage":"zh-HK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.vicarius.io\/blog\/how-the-common-vulnerability-scoring-system-is-used-and-should-you-rely-on-it"]}]},{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/www.vicarius.io\/blog\/how-the-common-vulnerability-scoring-system-is-used-and-should-you-rely-on-it#primaryimage","url":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl6wdf1oy3db20ljl621ufcpt.jpg","contentUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl6wdf1oy3db20ljl621ufcpt.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.vicarius.io\/blog\/how-the-common-vulnerability-scoring-system-is-used-and-should-you-rely-on-it#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/"},{"@type":"ListItem","position":2,"name":"How the Common Vulnerability Scoring System Is Used (And Should You Rely on It?)"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"zh-HK"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db","name":"version2hk","image":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","caption":"version2hk"},"sameAs":["http:\/\/version2xfortcom.wordpress.com"],"url":"https:\/\/version-2.com\/zh\/author\/version2hk\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-erc","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/55502","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/users\/143524195"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/comments?post=55502"}],"version-history":[{"count":4,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/55502\/revisions"}],"predecessor-version":[{"id":55506,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/55502\/revisions\/55506"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/media?parent=55502"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/categories?post=55502"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/tags?post=55502"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}