CVSS 4.0 also has shortcomings, researchers say
The upcoming CVSS 4.0 framework introduces expanded impact metrics, refined temporal metrics, and new supplemental metrics to improve assessment accuracy. Nevertheless, issues remain, including a lack of consideration of privacy concerns and of advanced persistent threat (APT) associations, according to the JPMorganChase security researchers.
JPMorganChase has put together a framework to factor in the lack of APT and exploitability weighting and the issue of dependencies. The financial services giant has developed a conceptual design that it is encouraging other members of the security community to review and to participate in further refining.
In response to a question from CSO, Syed Islam, a principal security architect at JPMorganChase, acknowledged that only organizations that had achieved a degree of security maturity, for instance by having an inventory of the technologies and applications upon which their business depends, would benefit significantly from applying its vulnerability assessment methodology.