Definitions

CVSS: Common Vulnerability Scoring System.  The CVSS framework is maintained by the Forum of Incident Response and Security Teams (FIRST), a nonprofit organization consisting of more than 500 members.

CVSS scores are calculated using a formula consisting of vulnerability-based metrics. A CVSS score is derived from scores in these three groups: Base, Temporal and Environmental. Scores range from zero to 10, with zero representing the least severe and 10 representing the most severe.

CVE: Common Vulnerabilities and Exposures. CVE divides threats into two categories: vulnerabilities and exposures. The catalog, which is sponsored by Department of Homeland Security's (DHS), is designed to standardize the way each known vulnerability or exposure is identified.

CVE system is a vulnerability classification scheme, which assigns each vulnerability a unique identifier, as listed in the National Institute of Standards and Technology (NIST) National Vulnerability Database. CVE identifiers are formatted as follows:

CVE-[Four-Digit Year]-[Sequential Identifier]