# Common Vulnerability Scoring System

> standard for assessing computer system vulnerabilities

**Wikidata**: [Q1024582](https://www.wikidata.org/wiki/Q1024582)  
**Wikipedia**: [English](https://en.wikipedia.org/wiki/Common_Vulnerability_Scoring_System)  
**Source**: https://4ort.xyz/entity/common-vulnerability-scoring-system

## Summary
The Common Vulnerability Scoring System (CVSS) is a de facto standard for assessing the severity of computer system vulnerabilities. It provides a framework for capturing the principal characteristics of a vulnerability and producing a numerical score reflecting its severity. The system is closely related to threat modelling processes, providing the metrics necessary to prioritize identified threats.

## Key Facts
*   **Definition:** A standard for assessing computer system vulnerabilities.
*   **Classification:** Identified as a "de facto standard."
*   **Aliases:** CVSS, Sistema común de puntuación de vulnerabilidades, 通用漏洞评分系统.
*   **Wikipedia Presence:** The entry exists in 13 languages, including Arabic, Czech, German, English, Spanish, French, Hebrew, Italian, Japanese, Portuguese, Russian, and Ukrainian.
*   **Identifiers:** Freebase ID `/m/026rp3q`; Microsoft Academic ID `78323609` (discontinued).
*   **Visual Representation:** An image file depicts versions 2 and 3 of the system (`اصداري_2_و_3_من_CVSS.png`).

## FAQs
### What is the primary function of the Common Vulnerability Scoring System?
CVSS provides a standardized method for assessing computer system vulnerabilities. It generates numerical scores that reflect the severity of vulnerabilities, allowing organizations to prioritize their response efforts.

### How does CVSS relate to threat modelling?
CVSS is a standard related to threat modelling, which is the process of identifying and prioritizing potential threats from an attacker's perspective. While threat modelling identifies the vulnerabilities, CVSS provides the scoring system to assess them.

### Is CVSS recognized internationally?
Yes, as a de facto standard, CVSS has broad global recognition, evidenced by its Wikipedia presence in 13 different languages and aliases in multiple scripts (Latin, Chinese).

## Why It Matters
The Common Vulnerability Scoring System matters because it solves the critical need for a universal language regarding vulnerability severity. In the context of cybersecurity and threat modelling—where potential threats are identified and enumerated from an attacker's point of view—CVSS provides the essential metrics to prioritize these findings. Without a standardized scoring system like CVSS, organizations would struggle to compare the severity of vulnerabilities across different software systems or vendors consistently. It acts as the quantification layer for the qualitative analysis performed during threat modelling, ensuring that remediation efforts are focused on the most critical structural weaknesses.

## Notable For
*   Serving as the de facto industry standard for vulnerability assessment.
*   Providing a multilingual framework with documentation available in 13 languages.
*   Integrating with threat modelling methodologies to prioritize structural vulnerabilities.
*   Maintaining a distinct identity separate from, but supportive of, broader cybersecurity engineering processes.

## Body
### Definition and Classification
The Common Vulnerability Scoring System (CVSS) is formally classified as a **de facto standard** for assessing computer system vulnerabilities. Its primary function is to provide a consistent and standardized approach to evaluating the severity of security flaws. The system captures the principal characteristics of a vulnerability to produce a numerical score, which helps organizations understand the potential impact of a threat.

### Relationship to Threat Modelling
CVSS is intrinsically linked to **threat modelling**, a process within cybersecurity engineering used to identify, enumerate, and prioritize potential threats from a hypothetical attacker's perspective. While threat modelling is the broader process of structural analysis (often utilizing frameworks like STRIDE or attack trees), CVSS provides the specific standard for assessing the vulnerabilities uncovered during this process. This relationship ensures that identified structural vulnerabilities are not just listed, but quantified based on their severity.

### Terminology and Localization
The system is recognized globally under various names and aliases. In Spanish, it is known as *Sistema común de puntuación de vulnerabilidades*, and in Chinese, it is referred to as *通用漏洞评分系统*. The widespread adoption of the standard is evidenced by its Wikipedia presence, which spans 13 distinct languages, including Arabic (ar), Czech (cs), German (de), English (en), Spanish (es), French (fr), Hebrew (he), Italian (it), Japanese (ja), Portuguese (pt), Russian (ru), and Ukrainian (uk).

### Technical Identifiers and Metadata
The entity maintains specific identifiers within knowledge graphs and academic databases. Its Freebase ID is `/m/026rp3q`, and it was previously tracked under the Microsoft Academic ID `78323609` (a service which has since been discontinued). The system is also associated with visual documentation, specifically an image file depicting versions 2 and 3 of the standard.