Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

CVSS Scores in Nessus Plugins

For over a year now, Tenable has been including CVSS base scores in the plugins we write for Nessus as well as Passive Vulnerability Scanner (PVS) to give our customers an objective way to assess the risk of flaws those plugins test for. We've been calculating these scores in-house during the course of investigating vulnerabilities and how to test for them. Until recently, our efforts have been largely independent of NIST's own work in this area.

Since early November, though, Tenable has been using the CVSS scores that NIST calculates and includes in its National Vulnerability Database. We still calculate our own scores initially, as our plugins are often released at the same time -- or even slightly before -- CVE ids are issued. But a daily synchronization process reports differences and updates the plugins as necessary.

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io Vulnerability Management

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.