CVSS 4.0 Is Here, But Prioritizing Patches Still a Hard Problem
The soon-to-be-released Version 4.0 of the Common Vulnerability Scoring System (CVSS) promises to fix a number of issues with the severity metric for security bugs. But vulnerability experts say that prioritizing patches or measuring exploitability will still be a tough nut to crack. The Forum of Incident Response and Security Teams (FIRST) released a preview…