• 欢迎访问速搜资源吧,如果在网站上找不到你需要的资源,可以在留言板上留言,管理员会尽量满足你!

【速搜问答】CVSS是什么

问答 admin 3年前 (2020-07-16) 886次浏览 已收录 0个评论

汉英对照:
Chinese-English Translation:

通用漏洞评分系统(CVSS)是一个行业公开标准,其被设计用来评测漏洞的严重程度,并帮助确定所需反应的紧急度和重要度。提供了一种捕获漏洞主要特征并产生反映其严重性的数字评分的方法。

The general vulnerability scoring system (CVss) is an industry open standard designed to assess the severity of vulnerabilities and help determine the urgency and importance of the response required. This paper provides a method to capture the main characteristics of vulnerability and generate a numerical score reflecting its severity.

通用安全漏洞评分系统(CVSS,Common Vulnerability Scoring System)是一个“行业公开标准,其被设计用来评测漏洞的严重程度,并帮助确定所需反应的紧急度和重要度”。

CVss (common vulnerability scoring system) is an “industry open standard, which is designed to assess the severity of vulnerabilities and help determine the urgency and importance of the response required”.

CVSS 是安全内容自动化协议(SCAP)的一部分,通常 CVSS 同 CVE 一同由美国国家漏洞库(NVD)发布并保持数据的更新。

CVss is a part of security content automation protocol (SCAP). Usually, CVss and CVE are released by the national vulnerability database (NVD) of the United States and keep the data updated.

通用漏洞评分系统(CVSS)提供了一种捕获漏洞主要特征并产生反映其严重性的数字评分的方法。然后,可以将数字分数转换为定性表示形式(例如低,中,高和关键),以帮助组织正确评估漏洞管理流程并确定其优先级。

The general vulnerability scoring system (CVss) provides a method to capture the main characteristics of vulnerabilities and generate numerical scores reflecting their severity. Numerical scores can then be converted into qualitative representations (such as low, medium, high, and critical) to help organizations properly assess and prioritize the vulnerability management process.

CVSS 是全世界组织使用的已发布标准,SIG 的使命是继续对其进行改进。

CVss is a published standard used by organizations all over the world, and SIG’s mission is to continue to improve it.

该通用安全漏洞评分系统(CVSS)是一个自由和开放的 行业标准,以评估严重程度计算机系统的安全 漏洞。CVSS 尝试为漏洞分配严重性评分,从而使响应者可以根据威胁对响应和资源进行优先级排序。分数是根据取决于多个指标的公式计算得出的大致易于利用,以及利用的影响。分数范围是 0 到 10,其中 10 分是最严重的。尽管许多人仅使用 CVSS 基本分数来确定严重性,但也存在时间和环境分数,以分别考虑缓解措施的可用性和组织中易受攻击的系统的分布。

The general security vulnerability scoring system (CVss) is a free and open industry standard to assess the severity of security vulnerabilities in computer systems. CVss attempts to assign severity scores to vulnerabilities so that responders can prioritize responses and resources based on threats. The score is calculated based on a formula that depends on multiple indicators and is generally easy to use, as well as the impact of utilization. The score ranges from 0 to 10, of which 10 is the most serious. Although many people use only the CVss base score to determine severity, there are time and environment scores to consider the availability of mitigation measures and the distribution of vulnerable systems in an organization, respectively.


速搜资源网 , 版权所有丨如未注明 , 均为原创丨转载请注明原文链接:【速搜问答】CVSS是什么
喜欢 (1)
[361009623@qq.com]
分享 (0)
发表我的评论
取消评论
表情 贴图 加粗 删除线 居中 斜体 签到

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址