Zoom has unveiled an open-source Vulnerability Impact Scoring System (VISS) that aims to complement the widely used Common Vulnerability Scoring System (CVSS). VISS analyzes vulnerabilities based on actual demonstrated exploitation and provides a customizable framework to help organizations assess and prioritize vulnerabilities. CVSS has been the industry standard for many years, but it has limitations: subjectivity, a narrow scope, and improper representation of real-world risks. The recently launched CVSS 4.0 aims to address some of these limitations. Zoom has been testing VISS within its bug bounty program and has seen an increase in reports describing critical and high-severity vulnerabilities.

From securityweek.com