CVSS Alternatives?

Asked May 21 '18 at 12:59

Active May 21 '18 at 13:55

Viewed 1,075 times

I am looking for suggestions of alternatives to vulnerability scoring systems such as CVSS & DREAD.

I have found that DREAD is too subjective to work and CVSS was ranking everything too highly and doesn't really fit.

I'm thinking about some alternatives but can't seem to find many, or much information on why they are better than CVSS?

edited May 21 '18 at 13:55

schroeder

asked May 21 '18 at 12:59

dperrie

1

My understanding of your question is that you state in your subjective opinion that DREAD is too subjective and CVSS rates too high. You then expect to find something which is "better" in your subjective opinion but don't actually describe any objective criteria how it should be better which makes the question too broad. If you just need it for internal use then you can make up any scheme you want. If you expect instead third party products too be rated by a scheme then you probably need to live with what is established, even though it might not be perfect and you personally don't like it. – Steffen Ullrich May 21 '18 at 13:38
Why do you feel the CVSS rates things too highly? Why do you need a lower score? It is trivial to overlay a risk-based metric over top of CVSS to lower the impact to your specific situation and you do not need a whole new scoring system. – schroeder May 21 '18 at 13:56

0 Answers0