Open tschmidtb51 opened 7 months ago
Thank you for your input; I must admit that during research and implementation, I have not seen a "threat" or "environmental" score being defined anywhere in the CVSS 4.0 specification or the official implementation, which both only define and provide the base score.
The same goes for this go implementation that only returns one base score.
This also does not conform with my understanding of the "CVSS-BTE" nomenclature, where only one score is calculated and interpreted in a different way depending on the metrics used to calculate it.
If you would be as kind as to point me in the right direction for this? I would be very interested, as I've been looking for a way to calculate these myself, but was unable to find anything.
If you would be as kind as to point me in the right direction for this? I would be very interested, as I've been looking for a way to calculate these myself, but was unable to find anything.
I'm not sure whether I'm able to do that. According to the JSON schema, those values exist... Maybe, you could reach out to the CVSS SIG to ask them about this?
All right, I will be doing that next week. Thank you also for your other issues, we will be addressing them as soon as possible.
For CVSS 4.0, only the overall score is provided - the
threatScore
and theenvironmentalScore
that the JSON schema lists, are not presented.