To provide a qualitative representation of vulnerabilities

To capture the principal characteristics of a vulnerability and produce a numerical score

To eliminate the need for security patches

To replace traditional security measures

Physical attack

Adjacent network attack

Local attack

Network attack

The attack is very easy to accomplish

The attack requires no user interaction

The attack can be executed remotely

The attack is very complicated

The time required for a vulnerability to be reported

The duration of a security patch's effectiveness

The availability and maturity of exploit code

The time it takes to exploit a vulnerability

Japanese Microsoft Security Bulletin

Microsoft's official website

Attacker Cabcom

Zero Day Initiative

It replaces the need for official security bulletins

It offers detailed technical analysis

Researchers often share insights and updates

It always provides official information

To ensure patches are released faster

To increase the CVSS score of vulnerabilities

To help improve the clarity and detail of the bulletins

To reduce the number of vulnerabilities