Summary
This article provides a brief introduction to the official CVSS (Common Vulnerability Scoring System).
Synopsis
CVSS is an industry-wide method used to objectively measure and communicate the severity of a security vulnerability. There are similar scoring systems, but CVSS is the most widely used.
Discussion
A CVSS score ranges from the most severe 10.0 to the least severe 0.0. Every security vulnerability scored with CVSS has at least a "base score". There are optional additional scores that can be blended with the base score to create an "overall score".
For example, the CVE-2013-2251 security vulnerability has a CVSS base score of 9.3; that is, very severe. It is likely that the community of users for software containing a security vulnerability with a 9.3 CVSS base score will demand that the software's author resolve the vulnerability in a very short time frame.
The CVSS score is calculated by the person or entity that publicly discloses the security vulnerability. To date, even security vulnerabilities in Flexera products have been scored by someone else. However, it is possible that Flexera will score its own vulnerabilities in the future. A CVSS score can change over time as more information about the vulnerability is learned.