Don’t Substitute CVSS for Risk: Scoring System Inflates Importance of CVE-2017-3735

0

I am a wry observer of vulnerability announcements. CVE-2017-3735—which can allow a small buffer overread in an X.509 certificate—presents an excellent example of the limitations of the Common Vulnerability Scoring System (CVSS).

Read full news article on McAfee Labs