Cyber Security News

Next Generation CVSS v4.0 Vulnerability Scoring System Released: What’s New!

FIRST, the Forum of Incident Response and Security Teams has recently unveiled the latest version of their Common Vulnerability Scoring System (CVSS).

The new CVSS 4.0 is the replacement of CVSS 3.0 and provides security experts with a powerful tool to better assess the severity of security vulnerabilities, taking into account both the technical aspects of the vulnerability and the potential impact on business operations.

With enhanced metrics and a wider range of possible scores, CVSS 4.0 offers a more granular and accurate approach to vulnerability assessment, enabling organizations to prioritize their security efforts more effectively.

This tool was presented at the 35th Annual FIRST Conference in Montreal, Canada, last month. CVSS 4.0 is a big improvement from the previous versions of the tool.

CVSS is a tool that helps people measure how serious a security problem is. It gives a number that shows how bad the problem is and how it can affect people. This helps businesses, service providers, governments, and the public to make better decisions about cybersecurity.

Document
FREE Webinar

Webinar on Cyber Resilience for Financial Sector

Ensure your Cyber Resiliance with the recent wave of cyber-attacks targeting the financial services sector. Almost 60% respondents not confident to recover fully from a cyber attack.

CVSS 4.0 has some new features that make it more useful and accurate. It can measure more details about the security problem, such as how easy it is to exploit and how much damage it can cause. 

It can also show how the problem changes over time and how it affects different environments. This helps organizations prioritize and manage their security problems more effectively.

CVSS v4.0 Vulnerability Scoring

One of the best features of CVSS 4.0 is that it can show the current threat level of a security problem. Here you can find the Common Vulnerability Scoring System Version 4.0 Calculator.

This means that people can see how dangerous the problem is right now and what they can do to protect themselves from cyber-attacks.

CVSS has been around since 2005 when people realized that they needed a common way to measure security problems. 

The tool has changed over time to keep up with the changing cybersecurity world. Version 4.0 is the biggest change so far because it adds threat intelligence and environmental metrics to the tool. 

The tool also has new names for different scores, such as CVSS Base Score, CVSS Base + Threat Score, CVSS Base + Environmental Score, and CVSS Base + Threat + Environmental Score. These names show how comprehensive the tool is.

Chris Gibson, CEO of FIRST, said that he was proud of how CVSS has evolved and that FIRST wants to help its members and the sector to defend people from cyber-attacks.

CVSS 4.0 is a tool that can help people to be more prepared and resilient against cyber threats.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.

Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

10 Best Vulnerability Assessment and Penetration Testing (VAPT) Tools in 2025

Vulnerability Assessment and Penetration Testing (VAPT) tools are an integral part of any cybersecurity toolkit,…

6 hours ago

Microsoft Entra ID Bug Allow Unprivileged Users to Change Their User Principal Names

Microsoft has allowed unprivileged users to update their own User Principal Names (UPNs) in Entra…

12 hours ago

IntelBroker Resigned as a BreachForums Owner

IntelBroker, a key figure within the dark web's BreachForums, has announced his resignation as the…

12 hours ago

Kubernetes Cluster RCE Vulnerability Let Attacker Takeover All Windows Nodes

A critical vulnerability in Kubernetes, designated as CVE-2024-9042, has been discovered, enabling attackers to execute…

22 hours ago

CISA Warns of SonicWall 0-day RCE Vulnerability Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical…

23 hours ago

100+ Vulnerabilities in LTE & 5G Infrastructure Enable Remote Core Compromise

Researchers from the University of Florida and North Carolina State University conducted an extensive analysis…

1 day ago