University of Twente Student Theses
Severity vs Risk : The limitations of CVSS
Albab, M.R. (2025) Severity vs Risk : The limitations of CVSS.
Abstract: | The Common Vulnerability Scoring System (CVSS) is undoubtedly a standard for prioritizing and assessing software vulnerabilities. Its structured approach and numerical scoring system greatly help in evaluating vulnerabilities based on technical severity. Despite its popularity, the CVSS has limitations. For example, it often does not align with real-world exploitation trends or with the specific needs of some stakeholders, such as patch developers. This paper is a systematic literature review that identifies and analyzes these shortcomings, specifically in the prioritization of vulnerabilities for risk management. Furthermore, proposed solutions that address these issues are analyzed, including alternative frameworks, with a comparative evaluation of their effectiveness. These findings aim to provide a better understanding of the limitations of CVSS and its potential for improvement in vulnerability prioritization practices. |
Item Type: | Essay (Bachelor) |
Faculty: | EEMCS: Electrical Engineering, Mathematics and Computer Science |
Subject: | 54 computer science |
Programme: | Business & IT BSc (56066) |
Link to this item: | https://purl.utwente.nl/essays/106247 |