Frameworks & standards
CVSS
Common Vulnerability Scoring System
The Common Vulnerability Scoring System (CVSS) provides a standardized way to rate vulnerability severity on a 0-10 scale using metrics for exploitability and impact. CVSS communicates severity consistently, but a score is not the same as real-world risk - context and exploitability, which offensive testing establishes, determine actual priority.
Key points
- 0-10 severity scale from exploitability and impact metrics.
- Standardizes communication of severity.
- Not a substitute for proven, contextual risk.
Related
References
Impactr is an autonomous AI penetration testing platform - it investigates, chains, and proves web and API vulnerabilities with reproducible evidence.
Join the waitlist