March 8, 2005 - (HOSTSEARCH.COM) - Microsoft in cooperation with industry security company Symantec and others have developed a standard rating for the security flaws in software to help IT system administrators prioritize security risks and software patches. Presented at the RSA 2005 conference the CVSS or Common Vulnerability Scoring System is designed to bridge the gap between the currently disparate security ranking systems used by different companies. In the past there has been little interoperability among the varying systems and they have often been limited in scope as to what they cover.
New Scientist reported on the new standard quoting Bruce Schneier with Counterpane Security as having said, "There are just too many vulnerabilities for managers to pay attention to all of them."
CVSS assesses a vulnerability according to seven characteristics, including the threat of data loss and system crashes, and the extent to which it gives a hacker access to confidential information that might lead to identity theft.
