Improving the Common Vulnerability Scoring System
Art Manion, Deana Shick, and Jonathan Spring a 2019 paper that outlines challenges with the Common Vulnerability Scoring System (CVSS) and proposes changes to improve it.
Details on their proposed new system, the Stakeholder-specific Vulnerability Categorization, are available at https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=653459.
About the Speaker
Jonathan Spring is an SEI alumni employee.
Jonathan Spring is a senior member of the technical staff with the CERT division of the Software Engineering Institute (SEI) at Carnegie Mellon University. Spring began working at the SEI in 2009. Prior posts include adjunct professor at the University of Pittsburgh’s School …Read more
Art Manion is an SEI alumni employee.
Art Manion is a senior member of the Vulnerability Analysis team in the CERT Program at the Software Engineering Institute (SEI), Carnegie Mellon University. Since joining CERT in 2001, Manion has studied vulnerabilities, coordinated disclosure efforts, and published advisories, alerts, and vulnerability notes …Read more