• United States
Senior Editor, Network World

Qualys announces support for vulnerability rating methodology

Dec 07, 20051 min

Qualys announced its vulnerability-management service QualysGuard now supports a rating methodology called Common Vulnerability Scoring System. CVSS can be used to express the criticality of a discovered vulnerability or threat.

Qualys’s CTO Gerhard Eschelbeck said QualysGuard 4.5, now available, will still use the Qualys proprietary rating system but CVSS is offered as an additional choice to customers to rank vulnerabilities found by scans of their networks. 

Eschelbeck said CVSS is a method for ranking criticalities on a scale of 1 to 10, with 10 being the most critical.

CVSS has been developed with assistance from technical organizations under the stewardship of FIRST. FIRST is the global Forum for Incident Response and Security Teams, a collective for sharing security-related information. FIRST is comprised of the security-response divisions of more than 170 different government, industry and educational institutions, including Bank One, Boeing, AT&T, the Air Force, the Army and Indiana University.