Tag
#CVSS
2 stories taggedCVSS.

Policy & Regulation
CISA's New Patching Directive Drops CVSS as the North Star
BOD 26-04 introduces a four-factor framework that prioritizes internet exposure, active exploitation, and attacker automation over raw severity scores — and gives agencies three days to act on the worst cases.
3 min

Policy & Regulation
Inspector General Pins NVD Backlog on NIST Mismanagement — But the Real Problem Runs Deeper
A Commerce Department IG report calls out strategic failures, duplicated work, and severity scores that matched only 12% of the time. Budget cuts and genAI-driven vuln volume tell the rest of the story.
3 min