Tenable Upgrades to NIST CVSS v2 Scoring Standard

August 20, 2007 – Columbia, MD – Tenable Network Security, Inc., the leader in unified security monitoring and creator of the popular and award-winning Nessus vulnerability scanner, today announced it has upgraded from CVSS v1 to CVSS v2 of the National Institute of Standards and Technology (NIST) CVSS scores across Tenable’s entire vulnerability management product line to help organizations improve discovery of vulnerabilities and to prioritize remediation efforts. 

“Tenable's Security Center, Passive Vulnerability Scanner and Nessus Vulnerability Scanner all currently provide support for NIST’s CVSS v2 scores, and our research team is actively engaged with NIST on scoring for new vulnerabilities. We believe that our customers will greatly benefit from one universal severity rating for security vulnerabilities,” says Ron Gula, CEO of Tenable.

NIST’s version of the Common Vulnerable Scoring System (CVSS) is a method for rating the impact of vulnerabilities published within the National Vulnerability Database (NVD). These scores are essential to enabling prioritization of vulnerability remediation. They are also a necessary component to NIST’s efforts to automate FISMA technical control compliance. NVD CVSS scores are essential to NIST’s larger efforts to enable commercial tools to automate FISMA technical control compliance and to perform security measurement. 

“We are proud to bring NIST’s CVSS v2 scoring to a global user base,” says Ron Gula, CEO of Tenable. “As enterprises and international governments look to incorporate standards for vulnerability classification and reporting into their standard operating procedures, we believe that the NIST standard will be a natural standard to include.” 

For more information on NIST and CVSS v2, please see: http://nvd.nist.gov/cvss.cfm. For further information about Tenable’s implementation of NIST’s CVSS v2, please visit: http://blog.tenablesecurity.com/2007/07/cvss-version-2-.html.