I get why they're doing it. But the truth is that there are still places using CVSS 2.0 to grade their vulnerabilities. The switch to CVSS 4.0 is going to take forever unless there's some conversion logic from 3->4.
this post was submitted on 06 Jul 2023
5 points (100.0% liked)
appsec
335 readers
1 users here now
A community for all things related to application security.
founded 1 year ago
MODERATORS
That's kind of legacy debt at some point. I understand why they still want to move towards evolving the standard