Scoring Systems
CVSS (Common Vulnerability Scoring System)
Industry-standard scoring from 0.0 to 10.0 measuring vulnerability severity:
| Score | Severity |
|---|---|
| 9.0 - 10.0 | Critical |
| 7.0 - 8.9 | High |
| 4.0 - 6.9 | Medium |
| 0.1 - 3.9 | Low |
EPSS (Exploit Prediction Scoring System)
Machine learning model predicting the probability a vulnerability will be exploited in the next 30 days. Range: 0% to 100%. Maintained by FIRST.org.
Key difference: CVSS measures "how bad?" while EPSS measures "how likely?"