COMMON VULNERABILITY SCORING SYSTEM
RIM uses version 2 of the Common Vulnerability Scoring System (CVSS) internally to rank and prioritize security vulnerabilities in BlackBerry products. CVSS is a system designed to provide a standardized method for rating vulnerabilities in technology. Its main function within RIM is to assist in prioritizing vulnerabilities and determining appropriate actions for remediation. Customers performing their own risk assessments of vulnerabilities that may impact them can benefit from using the same industry-recognized CVSS metrics.
A CVSS score has three groups of metrics:
- Base metrics consider the inherent characteristics of a vulnerability, such as ease of exploitation and potential impact.
- Temporal metrics consider additional factors that change over time, such as remediation status and report confidence.
- Environmental metrics consider factors depending on the deployment of the vulnerable technology, such as collateral damage potential.
For initial triage and prioritization, RIM primarily uses base metrics to determine a CVSS Base Score.
To get a full understanding of CVSS, view the CVSS v2 Complete Guide on the FIRST website.