We use the Common Vulnerability Scoring System (CVSS) v3.1 for assessing and communicating the characteristics and impacts of security vulnerabilities. The quantitative model of CVSS ensures repeatable and accurate measurement while enabling users to see the underlying vulnerability characteristics that were used to generate the scores.
CVSS is well suited as a standard measurement system for industries, organizations, and governments that need accurate and consistent vulnerability impact scores.
Two common uses of CVSS are prioritization of vulnerability fix activities and in calculating the severity of vulnerabilities discovered on one’s systems. The National Vulnerability Database (NVD) provides CVSS scores for almost all known vulnerabilities.