The Lifeline of a Vulnerability

From the Creation of a Vulnerability Until It Is Found

Again and again, we read in the IT news about security vulnerabilities that have been found. The more severe the classification of a vulnerability, the more attention it gets in the general press. Most of the time, you don't hear or read anything about the many security holes that are found but are not as well known as, for example, the SolarWinds hack. But what is the typical lifeline of such a vulnerability?

Let's start with the birth of a vulnerability. It can come about in two differently motivated ways. On the one hand, any developer can create a security hole unintentionally through an unfortunate combination of source code pieces. On the other hand, it can be the result of targeted manipulation. However, this has essentially no effect on the further course of the vulnerability's lifeline. In the following, we assume that a security hole has been created and is now active in some software. This software can be an executable program or a library that is integrated into other software projects as a dependency.

CVSS: The Basics Explained

The Basic Idea of CVSS

What is the Common Vulnerability Scoring System (CVSS), who is behind it, what do we do with it, and what does a CVSS value mean to you? I will explain how a CVSS score is calculated, what its different elements mean, and what the differences are between the CVSS versions.

The basic idea behind CVSS is to provide a general classification of the severity of a security vulnerability, that is, a common way to classify and evaluate weak points. But what does the abbreviation CVSS mean?