{"id":2289,"date":"2022-08-10T16:38:30","date_gmt":"2022-08-10T20:38:30","guid":{"rendered":"https:\/\/shirishranjit.com\/blog1\/?page_id=2289"},"modified":"2022-08-17T12:16:10","modified_gmt":"2022-08-17T16:16:10","slug":"software-vulnerability-primer","status":"publish","type":"page","link":"https:\/\/shirishranjit.com\/blog1\/mlops\/mlsecops-blackduck-scanning\/software-vulnerability-primer","title":{"rendered":"Software Vulnerability Primer"},"content":{"rendered":"\n<p>The National Institute of Standards and Technology (NIST, US Department of Commerce) has created the National Vulnerability Database (NVD).<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.<\/p><cite>NIST &#8211; NVD<\/cite><\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\">NVD Vulnerability Severity Ratings<\/h2>\n\n\n\n<p>NVD provides qualitative severity ratings of &#8220;Low&#8221;, &#8220;Medium&#8221;, and &#8220;High&#8221; for CVSS v2.0 base score ranges, in addition to the severity ratings for CVSS v3.0 as they are defined in the CVSS v3.0 specification.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><th colspan=\"2\">CVSS v2.0 Ratings<\/th><th colspan=\"2\">CVSS v3.0 Ratings<\/th><\/tr><tr><th>Severity<\/th><th>Base Score Range<\/th><th>Severity<\/th><th>Base Score Range<\/th><\/tr><tr><td>&nbsp;<\/td><td>&nbsp;<\/td><td>None<\/td><td>0.0<\/td><\/tr><tr><td>Low<\/td><td>0.0-3.9<\/td><td>Low<\/td><td>0.1-3.9<\/td><\/tr><tr><td>Medium<\/td><td>4.0-6.9<\/td><td>Medium<\/td><td>4.0-6.9<\/td><\/tr><tr><td>High<\/td><td>7.0-10.0<\/td><td>High<\/td><td>7.0-8.9<\/td><\/tr><tr><td>&nbsp;<\/td><td>&nbsp;<\/td><td>Critical<\/td><td>9.0-10.0<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">References<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>NIST National Vulnerability Database: <a href=\"https:\/\/nvd.nist.gov\">https:\/\/nvd.nist.gov<\/a><\/li><li>NIST metrics definition: <a href=\"https:\/\/nvd.nist.gov\/vuln-metrics\/cvss\">https:\/\/nvd.nist.gov\/vuln-metrics\/cvss<\/a><\/li><li>NIST for developers: <a href=\"https:\/\/nvd.nist.gov\/developers\/start-here\">https:\/\/nvd.nist.gov\/developers\/start-here<\/a><\/li><li>CVE org site: <a href=\"https:\/\/www.cve.org\">https:\/\/www.cve.org<\/a><\/li><li>NVD CVSS calculator: <a href=\"https:\/\/nvd.nist.gov\/vuln-metrics\/cvss\">https:\/\/nvd.nist.gov\/vuln-metrics\/cvss<\/a><\/li><li>FIRST (security organization): <a href=\"https:\/\/www.first.org\">https:\/\/www.first.org<\/a><\/li><li>FIRST CVSS calculator: <a href=\"https:\/\/www.first.org\/cvss\/calculator\/3.1\">https:\/\/www.first.org\/cvss\/calculator\/3.1<\/a><\/li><li>CVE Details (security vulnerability datasource): <a href=\"https:\/\/www.cvedetails.com\">https:\/\/www.cvedetails.com<\/a><\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>National Institute of Standards and Technology (US Department of Commerce) has created a National Vulnerability database. The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables &hellip; <a href=\"https:\/\/shirishranjit.com\/blog1\/mlops\/mlsecops-blackduck-scanning\/software-vulnerability-primer\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"parent":2139,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-2289","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/shirishranjit.com\/blog1\/wp-json\/wp\/v2\/pages\/2289"}],"collection":[{"href":"https:\/\/shirishranjit.com\/blog1\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/shirishranjit.com\/blog1\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/shirishranjit.com\/blog1\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/shirishranjit.com\/blog1\/wp-json\/wp\/v2\/comments?post=2289"}],"version-history":[{"count":6,"href":"https:\/\/shirishranjit.com\/blog1\/wp-json\/wp\/v2\/pages\/2289\/revisions"}],"predecessor-version":[{"id":2303,"href":"https:\/\/shirishranjit.com\/blog1\/wp-json\/wp\/v2\/pages\/2289\/revisions\/2303"}],"up":[{"embeddable":true,"href":"https:\/\/shirishranjit.com\/blog1\/wp-json\/wp\/v2\/pages\/2139"}],"wp:attachment":[{"href":"https:\/\/shirishranjit.com\/blog1\/wp-json\/wp\/v2\/media?parent=2289"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}