HomeProductsSupportServicesTrainingPartnersCompanyContact     


assuriaONLINE Customer and Partner resources Logon / register
     
assuria auditor
Assuria AuditorRegulatory complianceAssuria Auditor CVSSAssuria VITAAssuria Auditor WorkBench
HP and AssuriaDeclaration of OVAL compatibility
AssuriaOnline Download CentreRelease HistorySupported platformsSystem Requirements


CVSS in Assuria Auditor

Assuria Auditor AutoUpdate 65 introduced CVSS reporting and score manipulation features to the Assuria Auditor Console.

CVSS is a vulnerability scoring system designed to provide an open and standardized method for rating IT vulnerabilities. CVSS helps organizations prioritize and coordinate a joint response to security vulnerabilities by communicating the base, temporal and environmental properties of a vulnerability.

The Common Vulnerability Scoring System (CVSS) provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. CVSS consists of 3 groups: Base, Temporal and Environmental. Each group produces a numeric score ranging from 0 to 10, and a Vector, a compressed textual representation that reflects the values used to derive the score. The Base group represents the intrinsic qualities of a vulnerability. The Temporal group reflects the characteristics of a vulnerability that change over time. The Environmental group represents the characteristics of a vulnerability that are unique to any user's environment. CVSS enables IT managers, vulnerability bulletin providers, security vendors, application vendors and researchers to all benefit by adopting this common language of scoring IT vulnerabilities.  A Guide to CVSS is available at http://www.first.org/cvss/cvss-guide.html

FIRST sponsors and supports CVSS. FIRST is the Forum of Incident Response and Security Teams. FIRST brings together a wide variety of security and incident response teams including especially product security teams from the government, commercial, and academic sectors. FIRST hosts a special interest group to update and promote CVSS and provides a central repository for CVSS documentation.

CVSS Score online.  The NIST NVD site has all security alerts CVSS scored and presented at http://nvd.nist.gov/nvd.cfm. 

NIST also have XML feeds that anyone can use http://nvd.nist.gov/download.cfm#XML

For further information on CVSS v2, please see

                         http://www.first.org/cvss

and

                         http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2
 

Assuria Auditor and CVSS

In Assuria Auditor Console CVSS scores and vectors for checks can be viewed in the policy navigators and all html based reports. Reports can be ordered in different combinations of risk level and/or CVSS score.

A CVSS vector editor is provided as part of the Assuria Auditor Console, to allow customers to set their own vectors (and hence scores) for checks.  The CVSS Vector Editor can be accessed from the Maintenance menu -> CVSS.

Assuria Auditor reports include CVSS data in the Summary section and detail section of reports.

 

CVSS Score online.  The NIST NVD site has all security alerts CVSS scored and presented at http://nvd.nist.gov/nvd.cfm

NIST also have XML feeds that anyone can use http://nvd.nist.gov/download.cfm#XML

Further information on CVSS is available at http://www.first.org/cvss/

 


 


System Scanner and X-Press Update are registered trademarks of Internet Security Systems Inc. of Atlanta, Georgia, USA
© Copyright Assuria Limited.  All rights reserved.
 

20/02/2008

Legal notice | Site map | Contact Assuria