Siebel Security Hardening Guide > Performing Security Testing >

About the Common Vulnerability Scoring System

You can use the Common Vulnerability Scoring System (CVSS) to determine the characteristics and severity of a security vulnerability and to assess its impact on your environment. The CVSS is an open, industry-standard method used to score system vulnerabilities.

In the CVSS, vulnerabilities are assessed on three measures: base properties, temporal properties, and environmental properties. The resultant composite score represents the overall risk posed by the vulnerability in your environment. Using the CVSS can help you determine the severity of vulnerabilities that you find and therefore help determine the priority given to resolving them.

The CVSS is maintained by the Forum of Incident Response and Security Teams (FIRST). For additional information on using the CVSS, go to the FIRST Web site at

http://www.first.org/cvss/

A calculator for scoring vulnerabilities using the CVSS method is available from the National Vulnerability Database Web site at

http://nvd.nist.gov/cvss.cfm