Which of the following is a limitation of the Common Vulnerability Scoring System (CVSS) as it relates to conducting code review?

A. It has normalized severity ratings.

B. It has many worksheets and practices to implement.

C. It aims to calculate the risk of published vulnerabilities.

D. It requires a robust risk management framework to be put in place.




Dan

I don’t understand how the answer C is a limitation rather than a feature of CVSS.

Answer doesn't look correct

I don’t think the answer is correct here either.

Mig

CVSS score is assigned only to known/published vulnerabilities. During code review, you’re (in most cases) looking for zero-day vulnerabilities.

bekh

The answer is completely correct.
When vulnerabilities become publicly known by all, you will see them in CVSS.
This is compared to zero-day vulnerabilities!!!

When vulnerabilities become known, they have been rated after code reviews.

My personal opinion.

robin

I think the answer is correct.
No pr at all.