24 Feb 2005, Steve Ranger, V3
A group of IT companies has developed a standard way to rate security vulnerabilities, in a bid to give systems administrators a better way of prioritising software patches.
The Common Vulnerability Scoring System (CVSS) was designed by engineers from companies including Microsoft and Cisco.
CVSS uses a series of measurements to rate the severity of a flaw, according to a report in New Scientist.
Systems administrators currently have to decide for themselves which of the dozens of alerts and patches are the most important, because different vendors have their own scoring systems.
The CVSS assessment judges a vulnerability according to characteristics such as whether it gives hackers access to confidential information, or allows them to modify or destroy data.
The assessment also takes into account the age of the flaw, rating older flaws as more serious because hackers are more likely to have developed a way to exploit them.