Curl Project Discontinues Use of CVSS for Vulnerability Assessment
The curl project has abandoned the Common Vulnerability Scoring System (CVSS) because of its limitations in accurately assessing the severity of vulnerabilities in widely used software. Instead, the curl security team now categorizes vulnerabilities into four levels (low, medium, high, and critical) based on its in-depth knowledge of the codebase and usage contexts. The decision comes amid frustration with the CVSS system, particularly after a critical score was assigned to a curl vulnerability that the team deemed low risk. The curl project aims to provide clearer security information and reduce misinformation, and it advocates a more nuanced approach to vulnerability assessment than a single numerical score.
