LASCON 2024

Common Vulnerability Scoring System (CVSS) is the global go-to standard for attributing criticality scores to vulnerabilities. In this talk, I will explore the latest iteration of CVSS (version 4, its adoption in the InfoSec, and its importance to the Open Source community. I will talk about its role in vulnerability risk management and how it's critical for prioritizing risks. I will highlight some ever-enduring challenges, how to optimize the scoring effectiveness to overcome some of those challenges, and play with ideas for an effective solution within the broader context of cybersecurity. I aim to engage with a diverse audience, offering insights into the evolving landscape of vulnerability assessment and inspiring discussion on the future developments of the vector for proper risk management in open-source vulnerabilities, with the idea of leaving some open questions for the future.