[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CVSS Information in CVE Descriptions

There has been a recent trend in adding CVSS scores and vectors to the 
CVE description. The following are some examples.


There are currently roughly 1293 entries in the NVD 
 that contain this information.

IMHO, this practice goes beyond what is intended to be included in a 
textual description and has started to appear in entries over the last 
year or so. The current guidance on descriptions is here: 

Since this information can also appear in a dedicated field in CVE 
feeds, this seems to be duplicative in nature. This is not a widely 
used practice yet. Is this a practice that board wants to 


David Waltermire
Information Technology Laboratory | Computer Security Division
National Institute of Standards and Technology

Page Last Updated or Reviewed: May 17, 2018