HI! When is CVSS version 4 expected to be implemented in GSM? Is the implementation of EPSS also planned? Thank you.
CVSS 4 has been in a state of public preview and feedback for a while and was officially released on November 1st, 2023. However, NIST, MITRE, or even vendors issuing CVEs have not begun issuing CVSS 4 scores or vectors.
I guess Greenbone’s answer to the CVSS 4.0 implementation question is similar to the answer from Qualys:
CVSS v4 scoring will be integrated into Qualys VMDR while vendors begin to include CVSS v4 scores in their security advisories.
1 Like
Hi,
first of all you need to ask yourself which value does bring a CVSSv4 compared to a CVSSv3 to you personally. At the moment not much. Vendors will slowly adapt it and it will take several years to replace CVSSv3. Was the same with CVSSv3 and CVSSv2.
2 Likes
In summary, CVSS 4.0 and EPSS are currently in the research and planning phase at Greenbone. We do not yet have a time frame for when they will be introduced for our products.
3 Likes