This post has been de-listed
It is no longer included in search results and normal feeds (front page, hot posts, subreddit posts, etc). It remains visible only via the author's post history.
1
Why is that a lot of older CVEs have CVSS 3.0 base scores but not CVSS 3.1?
Post Flair (click to view more posts with a particular flair)
Post Body
I have recently been exploring the CVSS base scores from the NVD API and noticed that a lot of them (e.g. CVE-2016-5538) have a CVSS 3.0 base score but not 3.1
Considering that its easy to recalculate the 3.1 base scores based on the vector string, why is it not done? Is there some well known reason for this?
PS: I am a relative newbie to the vulnerability management space and got involved in this due to a project I am doing
Author
Account Strength
100%
Account Age
9 years
Verified Email
Yes
Verified Flair
No
Total Karma
593
Link Karma
417
Comment Karma
176
Profile updated: 6 days ago
Subreddit
Post Details
We try to extract some basic information from the post title. This is not
always successful or accurate, please use your best judgement and compare
these values to the post title and body for confirmation.
- Posted
- 10 months ago
- Reddit URL
- View post on reddit.com
- External URL
- reddit.com/r/AskNetsec/c...