Comments (4)
@pandatix, can you please check?
from cvss-v4-calculator.
My bad, this is a refactoring relic in the specification; we decided the order for the Base group is AV / AC / AT / PR / UI / VC / VI / VA / SC / SI / SA. The idea behind VC / VI / VA / SC / SI / SA rather than VC / SC / VI / SI / VA / SA is to reduce the cognitive load of scoring a vulnerability through CVSS v4.0 by setting them aside, so an analyst doesn't have to switch contexts (vulnerable system and subsystems) all the time.
I will see with @ViperGeek to fix this in the spec 😉
Good catch!
Acknowledged. Thank you @hdonnay for reporting this. I will update the CVSS v4.0 Specification Document and provide errata (somehow).
Editing the spec is easy. I'm currently figuring out the best way to record the errata. IETF has standard ways of recording it (ref. https://www.ietf.org/about/groups/iesg/statements/processing-errata-ietf-stream/) but as far as I know, this is a first for FIRST.
The spec has been fixed in version 1.1 @skontar, can close the issue :)
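The Base group order settled in this thread can be enforced when a vector string is parsed. The following is an added example, not code from cvss-v4-calculator or the specification: `checkBaseOrder` and its return shape are hypothetical, it goes slightly beyond the thread by also flagging duplicate and invalid Base metrics, and placing non-Base metrics after the Base group in the rebuilt vector is an assumption.

```javascript
// Base metric order as given in the comment above.
const BASE_ORDER = ["AV", "AC", "AT", "PR", "UI", "VC", "VI", "VA", "SC", "SI", "SA"];

// Allowed values per Base metric in CVSS v4.0.
const BASE_VALUES = {
  AV: "NALP", AC: "LH", AT: "NP", PR: "NLH", UI: "NPA",
  VC: "HLN", VI: "HLN", VA: "HLN", SC: "HLN", SI: "HLN", SA: "HLN",
};

// Hypothetical helper: validates the Base group of a CVSS v4.0 vector.
function checkBaseOrder(vector) {
  const parts = vector.split("/");
  if (parts.shift() !== "CVSS:4.0") {
    return { ok: false, errors: ["missing CVSS:4.0 prefix"], canonical: null };
  }
  const errors = [];
  const named = new Set();  // Base metric names encountered, valid or not
  const seen = new Map();   // Base metric name -> accepted value
  const baseSeq = [];       // accepted Base metrics in order of appearance
  const rest = [];          // non-Base metrics, passed through unchecked
  for (const part of parts) {
    const [name, value, ...extra] = part.split(":");
    if (!BASE_ORDER.includes(name)) { rest.push(part); continue; }
    if (named.has(name)) { errors.push(`${name} defined more than once`); continue; }
    named.add(name);
    const valid = extra.length === 0 && typeof value === "string" &&
      value.length === 1 && BASE_VALUES[name].includes(value);
    if (!valid) { errors.push(`invalid value for ${name}`); continue; }
    seen.set(name, value);
    baseSeq.push(name);
  }
  for (const name of BASE_ORDER) {
    if (!named.has(name)) errors.push(`missing ${name}`);
  }
  const expected = BASE_ORDER.filter((name) => seen.has(name));
  if (baseSeq.join("/") !== expected.join("/")) {
    errors.push(`Base metrics out of order, expected ${expected.join("/")}`);
  }
  // Rebuild only when all 11 Base metrics carry a valid value.
  const canonical = seen.size === BASE_ORDER.length
    ? ["CVSS:4.0", ...BASE_ORDER.map((n) => `${n}:${seen.get(n)}`), ...rest].join("/")
    : null;
  return { ok: errors.length === 0, errors, canonical };
}

// Constructed sample using the interleaved VC/SC/VI/SI/VA/SA order.
const SAMPLE = "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N";
console.log(checkBaseOrder(SAMPLE));
```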