Common Vulnerability Scoring System (CVSS) Explained

The Common Vulnerability Scoring System, or CVSS for short, is the first and only open framework for scoring the risk associated with vulnerabilities. CVSS is designed to rank information system vulnerabilities and provide an end user with a composite score representing the overall severity and risk the vulnerability presents. CVSS was created by The National Infrastructure Advisory Council (NIAC). Over the years it has become a very widely adopted scoring system and is used by such heavy hitters as the Department of Homeland Security, CERT, Cisco, Union Pacific, and Symantec to name but a few. CVSS is currently maintained by the Forum of Incident Response and Security Teams (FIRST), https://www.first.org, and was a combined effort involving many companies, including:

CERT/CC
Cisco Systems
eBay
Internet Security Systems
Microsoft
DHS/MITRE
Qualys
Symantec

https://www.networkworld.com/community/node/21105

Urs