The US NIST operates the NVD vulnerability database. The backlog of analyses is large, and the Inspector General's criticism ...

Management by the National Institute of Standards and Technology of a repository of vulnerability data came under sharp ...

You may have noticed over the last couple years that Cisco has been sending out its PSIRT e-mails with a Common Vulnerability Scoring System (CVSS) score included. Despite being a tad cryptic, this is ...

Threat actors are exploiting a zero-day vulnerability in the service management software SysAid to gain access to corporate servers for data theft and to deploy Clop ransomware. The Forum of Incident ...

When videoconferencing service Zoom searched for a better way to assign a severity to vulnerabilities found during bug bounty programs, the company's security team could not find a suitable approach: ...

The latest version of the Common Vulnerability Scoring System (CVSS version 4.0), released last week, should enable organizations to better assess and manage the risk that a security bug might pose to ...

Leading IT companies including Cisco Systems, Microsoft , and Symantec are promoting a rating system that will standardize the measurement of the severity of software vulnerabilities. A plan for the ...

Tenable today announced new risk prioritization and compliance features for Tenable Nessus. Nessus supports new and updated vulnerability scoring systems – Exploit Prediction Scoring System (EPSS) and ...

A vulnerability in Cisco’s SD-WAN platform just earned the worst score possible: a perfect 10.0 out of 10.0 on the Common ...

As Oracle prepares to kick off its OpenWorld conference in San Francisco this week, the Redwood Shores, Calif.-based vendor is facing questions over the threat ratings it published for the 101 ...