The Subjective Nature of a CVSS Score

| | Industry
A CISO’s Perspective During a recent internal threat modeling exercise, a member of the Eclypsium team discovered that a vendor had mis-scored a few related vulnerabilities across a consumer/enterprise grade product line. The vendor presented these vulnerabilities as a CVSS severity of Medium when our understanding of the issue resulted ... Read More