{"id":476525,"date":"2023-08-09T07:29:55","date_gmt":"2023-08-09T07:29:55","guid":{"rendered":""},"modified":"2023-09-05T11:12:55","modified_gmt":"2023-09-05T11:12:55","slug":"cvss","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/jp\/wiki\/cvss\/","title":{"rendered":"CVSS"},"content":{"rendered":"<p>CVSS (Common Vulnerability Scoring System) \u306f\u3001\u30b3\u30f3\u30d4\u30e5\u30fc\u30bf \u30b7\u30b9\u30c6\u30e0\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8106\u5f31\u6027\u306e\u91cd\u5927\u5ea6\u3092\u8a55\u4fa1\u3059\u308b\u305f\u3081\u306e\u6a19\u6e96\u5316\u3055\u308c\u305f\u30aa\u30fc\u30d7\u30f3 \u30d5\u30ec\u30fc\u30e0\u30ef\u30fc\u30af\u3067\u3059\u3002\u3053\u308c\u306b\u3088\u308a\u3001IT \u5c02\u9580\u5bb6\u3084\u7d44\u7e54\u306f\u3001\u4e00\u8cab\u3057\u305f\u60c5\u5831\u306b\u57fa\u3065\u3044\u305f\u65b9\u6cd5\u3067\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 \u30ea\u30b9\u30af\u3078\u306e\u5bfe\u5fdc\u306b\u512a\u5148\u9806\u4f4d\u3092\u4ed8\u3051\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 CVSS \u306f\u3001\u8106\u5f31\u6027\u306e\u4e3b\u306a\u7279\u5fb4\u3092\u6349\u3048\u3001\u57fa\u672c\u7684\u3001\u6642\u9593\u7684\u3001\u74b0\u5883\u7684\u30e1\u30c8\u30ea\u30af\u30b9\u3092\u8003\u616e\u3057\u3066\u3001\u305d\u306e\u91cd\u5927\u5ea6\u3092\u53cd\u6620\u3059\u308b\u6570\u5024\u30b9\u30b3\u30a2\u3092\u751f\u6210\u3059\u308b\u65b9\u6cd5\u3092\u63d0\u4f9b\u3057\u307e\u3059\u3002<\/p>\n<h2>CVSS\u306e\u8d77\u6e90<\/h2>\n<p>CVSS \u306f\u3001\u7c73\u56fd\u306e\u56fd\u5bb6\u30a4\u30f3\u30d5\u30e9\u8aee\u554f\u59d4\u54e1\u4f1a (NIAC) \u306e\u53d6\u308a\u7d44\u307f\u3068\u3057\u3066\u8a95\u751f\u3057\u307e\u3057\u305f\u3002 2000 \u5e74\u4ee3\u521d\u982d\u3001NIAC \u306f\u3001\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u306b\u5bfe\u3059\u308b\u6f5c\u5728\u7684\u306a\u8105\u5a01\u3092\u3088\u308a\u9069\u5207\u306b\u7ba1\u7406\u304a\u3088\u3073\u8efd\u6e1b\u3059\u308b\u305f\u3081\u306b\u3001IT \u306e\u8106\u5f31\u6027\u3092\u8a55\u4fa1\u3059\u308b\u305f\u3081\u306e\u6a19\u6e96\u30b7\u30b9\u30c6\u30e0\u306e\u5fc5\u8981\u6027\u3092\u8a8d\u8b58\u3057\u307e\u3057\u305f\u3002<\/p>\n<p>CVSS \u306e\u6700\u521d\u306e\u30d0\u30fc\u30b8\u30e7\u30f3 (CVSS v1) \u306f\u3001Forum of Incident Response and Security Teams (FIRST) \u306b\u3088\u3063\u3066 2005 \u5e74\u306b\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u307e\u3057\u305f\u3002\u3053\u306e\u30c4\u30fc\u30eb\u306f\u3001\u7d71\u4e00\u3055\u308c\u305f\u8106\u5f31\u6027\u8a55\u4fa1\u3092\u63d0\u4f9b\u3057\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u5fdc\u30c1\u30fc\u30e0\u306e\u610f\u601d\u6c7a\u5b9a\u30d7\u30ed\u30bb\u30b9\u3092\u652f\u63f4\u3059\u308b\u3088\u3046\u306b\u8a2d\u8a08\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u305d\u308c\u4ee5\u6765\u3001\u66f4\u65b0\u3068\u6539\u5584\u304c\u884c\u308f\u308c\u30012019 \u5e74\u306b 3 \u756a\u76ee\u306e\u6700\u65b0\u30d0\u30fc\u30b8\u30e7\u30f3 (CVSS v3.1) \u304c\u516c\u958b\u3055\u308c\u307e\u3057\u305f\u3002<\/p>\n<h2>CVSS \u306e\u8a73\u7d30<\/h2>\n<p>CVSS \u306f\u4e3b\u306b\u3001\u8106\u5f31\u6027\u306e\u91cd\u5927\u5ea6\u3092\u516c\u5e73\u306b\u6e2c\u5b9a\u3067\u304d\u308b\u3088\u3046\u306b\u8a2d\u8a08\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u30b9\u30b3\u30a2\u30ea\u30f3\u30b0 \u30b7\u30b9\u30c6\u30e0\u306b\u3088\u308a\u3001\u7d44\u7e54\u306f\u30b7\u30b9\u30c6\u30e0\u304c\u76f4\u9762\u3059\u308b\u53ef\u80fd\u6027\u306e\u3042\u308b\u6700\u3082\u91cd\u8981\u306a\u554f\u984c\u306b\u7126\u70b9\u3092\u5f53\u3066\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002\u3053\u308c\u306f\u5358\u306a\u308b\u5206\u985e\u30c4\u30fc\u30eb\u3067\u306f\u306a\u304f\u3001\u8105\u5a01\u306b\u5bfe\u5fdc\u3057\u3066\u9069\u5207\u306a\u884c\u52d5\u3092\u3068\u308b\u305f\u3081\u306e\u30ac\u30a4\u30c9\u3067\u3082\u3042\u308a\u307e\u3059\u3002<\/p>\n<p>CVSS \u30b9\u30b3\u30a2\u306e\u7bc4\u56f2\u306f 0 \uff5e 10 \u3067\u30010 \u306f\u30ea\u30b9\u30af\u304c\u306a\u3044\u3053\u3068\u3092\u8868\u3057\u300110 \u306f\u6700\u9ad8\u30ec\u30d9\u30eb\u306e\u91cd\u5927\u5ea6\u3092\u793a\u3057\u307e\u3059\u3002\u3053\u308c\u3089\u306e\u30b9\u30b3\u30a2\u306f\u3001\u6b21\u306e 3 \u3064\u306e\u6307\u6a19\u30b0\u30eb\u30fc\u30d7\u306b\u57fa\u3065\u3044\u3066\u8a08\u7b97\u3055\u308c\u307e\u3059\u3002<\/p>\n<ul>\n<li>\n<p><strong>\u57fa\u672c\u6307\u6a19<\/strong>: \u3053\u308c\u3089\u306f\u3001\u653b\u6483\u30d9\u30af\u30c8\u30eb\u3001\u8907\u96d1\u3055\u3001\u5fc5\u8981\u306a\u6a29\u9650\u3001\u30e6\u30fc\u30b6\u30fc\u64cd\u4f5c\u3001\u7bc4\u56f2\u3001\u6a5f\u5bc6\u6027\u3001\u6574\u5408\u6027\u3001\u53ef\u7528\u6027\u3078\u306e\u5f71\u97ff\u306a\u3069\u3001\u6642\u9593\u3084\u30e6\u30fc\u30b6\u30fc\u74b0\u5883\u306e\u5909\u5316\u306b\u5fdc\u3058\u3066\u4e00\u5b9a\u306e\u8106\u5f31\u6027\u306e\u7279\u6027\u3067\u3059\u3002<\/p>\n<\/li>\n<li>\n<p><strong>\u6642\u9593\u7684\u30e1\u30c8\u30ea\u30af\u30b9<\/strong>: \u3053\u308c\u3089\u306e\u6307\u6a19\u306f\u6642\u9593\u306e\u7d4c\u904e\u3068\u3068\u3082\u306b\u5909\u5316\u3057\u3001\u8106\u5f31\u6027\u306e\u73fe\u5728\u306e\u72b6\u614b\u306b\u5bfe\u5fdc\u3057\u307e\u3059\u3002\u3053\u308c\u3089\u306b\u306f\u3001\u60aa\u7528\u53ef\u80fd\u6027\u3001\u4fee\u5fa9\u30ec\u30d9\u30eb\u3001\u30ec\u30dd\u30fc\u30c8\u306e\u4fe1\u983c\u6027\u304c\u542b\u307e\u308c\u307e\u3059\u3002<\/p>\n<\/li>\n<li>\n<p><strong>\u74b0\u5883\u6307\u6a19<\/strong>: \u3053\u308c\u3089\u306e\u6307\u6a19\u306f\u3001\u5dfb\u304d\u6dfb\u3048\u88ab\u5bb3\u306e\u53ef\u80fd\u6027\u3001\u30bf\u30fc\u30b2\u30c3\u30c8\u306e\u5206\u5e03\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8981\u4ef6\u306a\u3069\u3001\u30e6\u30fc\u30b6\u30fc\u306e\u74b0\u5883\u306b\u56fa\u6709\u306e\u3082\u306e\u3067\u3059\u3002<\/p>\n<\/li>\n<\/ul>\n<h2>CVSS \u30d5\u30ec\u30fc\u30e0\u30ef\u30fc\u30af\u3092\u89e3\u660e\u3059\u308b<\/h2>\n<p>CVSS \u30d5\u30ec\u30fc\u30e0\u30ef\u30fc\u30af\u306f\u3001\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u60c5\u5831\u3092\u4e00\u8cab\u3057\u305f\u308f\u304b\u308a\u3084\u3059\u3044\u5f62\u5f0f\u3067\u53d6\u5f97\u3057\u3066\u4f1d\u9054\u3059\u308b\u3088\u3046\u306b\u8a2d\u8a08\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u305d\u306e\u69cb\u9020\u306f\u3001\u30d9\u30af\u30c8\u30eb\u6587\u5b57\u5217\u3068\u30b9\u30b3\u30a2\u30ea\u30f3\u30b0 \u30e1\u30ab\u30cb\u30ba\u30e0\u306b\u57fa\u3065\u3044\u3066\u3044\u307e\u3059\u3002<\/p>\n<ul>\n<li>\n<p><strong>\u30d9\u30af\u30c8\u30eb\u6587\u5b57\u5217<\/strong>: \u3053\u308c\u3089\u306f\u3001\u30b9\u30b3\u30a2\u3092\u8a08\u7b97\u3059\u308b\u305f\u3081\u306b\u4f7f\u7528\u3055\u308c\u308b\u30e1\u30c8\u30ea\u30c3\u30af\u306e\u5358\u7d14\u306a\u30c6\u30ad\u30b9\u30c8\u8868\u73fe\u3067\u3059\u3002\u5404\u30e1\u30c8\u30ea\u30c3\u30af\u306b\u306f\u3001\u305d\u306e\u6f5c\u5728\u7684\u306a\u5f71\u97ff\u3092\u793a\u3059\u5024\u304c\u4e0e\u3048\u3089\u308c\u307e\u3059\u3002\u305f\u3068\u3048\u3070\u3001CVSS v3.1 \u3067\u306f\u3001\u30d9\u30af\u30c8\u30eb\u6587\u5b57\u5217\u306f\u6b21\u306e\u3088\u3046\u306b\u306a\u308a\u307e\u3059: CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H\u3002<\/p>\n<\/li>\n<li>\n<p><strong>\u30b9\u30b3\u30a2\u30ea\u30f3\u30b0\u306e\u4ed5\u7d44\u307f<\/strong>: \u30d9\u30af\u30c8\u30eb\u6587\u5b57\u5217\u5185\u306e\u30e1\u30c8\u30ea\u30af\u30b9\u306b\u5024\u3092\u5272\u308a\u5f53\u3066\u305f\u5f8c\u3001\u6570\u5f0f\u3092\u9069\u7528\u3057\u3066\u57fa\u672c\u30b9\u30b3\u30a2\u3092\u751f\u6210\u3057\u307e\u3059\u3002\u6b21\u306b\u3001\u6642\u9593\u30b9\u30b3\u30a2\u3068\u74b0\u5883\u30b9\u30b3\u30a2\u304c\u3001\u3055\u307e\u3056\u307e\u306a\u5f0f\u3092\u4f7f\u7528\u3057\u3066\u57fa\u672c\u30b9\u30b3\u30a2\u304b\u3089\u5c0e\u51fa\u3055\u308c\u307e\u3059\u3002<\/p>\n<\/li>\n<\/ul>\n<h2>CVSS \u306e\u4e3b\u306a\u6a5f\u80fd<\/h2>\n<p>CVSS \u30d5\u30ec\u30fc\u30e0\u30ef\u30fc\u30af\u306e\u9855\u8457\u306a\u6a5f\u80fd\u306b\u306f\u6b21\u306e\u3088\u3046\u306a\u3082\u306e\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<ul>\n<li>\u4e00\u8cab\u6027\u306e\u3042\u308b\u8106\u5f31\u6027\u8a55\u4fa1\u306e\u305f\u3081\u306e\u6a19\u6e96\u5316\u3055\u308c\u305f\u30b9\u30b3\u30a2\u30ea\u30f3\u30b0\u30b7\u30b9\u30c6\u30e0<\/li>\n<li>\u3055\u307e\u3056\u307e\u306a\u30bf\u30a4\u30d7\u306e\u30b7\u30b9\u30c6\u30e0\u3084\u8106\u5f31\u6027\u3078\u306e\u5e45\u5e83\u3044\u9069\u7528\u6027<\/li>\n<li>\u6642\u9593\u7684\u304a\u3088\u3073\u74b0\u5883\u56fa\u6709\u306e\u8abf\u6574\u304c\u53ef\u80fd<\/li>\n<li>\u8ab0\u3067\u3082\u5229\u7528\u3067\u304d\u308b\u900f\u660e\u6027\u3068\u30aa\u30fc\u30d7\u30f3\u6027<\/li>\n<li>\u8a73\u7d30\u306a\u30e1\u30c8\u30ea\u30af\u30b9\u306b\u3088\u308a\u3001\u8106\u5f31\u6027\u306b\u3064\u3044\u3066\u306e\u6df1\u3044\u6d1e\u5bdf\u304c\u5f97\u3089\u308c\u307e\u3059<\/li>\n<li>\u4fee\u5fa9\u4f5c\u696d\u306e\u512a\u5148\u9806\u4f4d\u4ed8\u3051\u3092\u652f\u63f4\u3059\u308b\u3088\u3046\u306b\u8a2d\u8a08\u3055\u308c\u3066\u3044\u307e\u3059<\/li>\n<\/ul>\n<h2>CVSS\u306e\u7a2e\u985e<\/h2>\n<p>\u3053\u308c\u307e\u3067\u306b\u516c\u958b\u3055\u308c\u3066\u3044\u308b CVSS \u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u306f 3 \u3064\u3042\u308a\u307e\u3059\u3002<\/p>\n<ol>\n<li><strong>CVSS v1<\/strong> (2005): IT \u8106\u5f31\u6027\u3092\u8a55\u4fa1\u3059\u308b\u305f\u3081\u306e\u6a19\u6e96\u5316\u3055\u308c\u305f\u65b9\u6cd5\u3092\u63d0\u4f9b\u3059\u308b\u521d\u671f\u30d0\u30fc\u30b8\u30e7\u30f3\u3002<\/li>\n<li><strong>CVSS v2<\/strong> (2007): \u3088\u308a\u6d17\u7df4\u3055\u308c\u305f\u30e1\u30c8\u30ea\u30af\u30b9\u3067\u6700\u521d\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u3092\u6539\u826f\u3057\u3001\u6642\u9593\u30b9\u30b3\u30a2\u3068\u74b0\u5883\u30b9\u30b3\u30a2\u3092\u5c0e\u5165\u3057\u307e\u3057\u305f\u3002<\/li>\n<li><strong>CVSS v3.1<\/strong> (2019): \u6700\u65b0\u30d0\u30fc\u30b8\u30e7\u30f3\u3067\u306f\u3001\u30d9\u30fc\u30b9\u3001\u6642\u9593\u3001\u304a\u3088\u3073\u74b0\u5883\u30e1\u30c8\u30ea\u30af\u30b9\u306e\u5b9a\u7fa9\u304c\u3055\u3089\u306b\u6539\u5584\u3055\u308c\u3001\u660e\u78ba\u5316\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/li>\n<\/ol>\n<h2>CVSS\u306e\u6d3b\u7528\uff1a\u8ab2\u984c\u3068\u89e3\u6c7a\u7b56<\/h2>\n<p>CVSS \u306e\u4e3b\u306a\u7528\u9014\u306f\u3001\u8106\u5f31\u6027\u7ba1\u7406\u3068\u30a4\u30f3\u30b7\u30c7\u30f3\u30c8\u5bfe\u5fdc\u30d7\u30ed\u30bb\u30b9\u3067\u3059\u3002\u7d44\u7e54\u306f CVSS \u30b9\u30b3\u30a2\u3092\u4f7f\u7528\u3057\u3066\u3001\u8106\u5f31\u6027\u306e\u91cd\u5927\u5ea6\u306b\u57fa\u3065\u3044\u3066\u4fee\u5fa9\u4f5c\u696d\u306b\u512a\u5148\u9806\u4f4d\u3092\u4ed8\u3051\u307e\u3059\u3002\u305f\u3060\u3057\u3001\u30b9\u30b3\u30a2\u30ea\u30f3\u30b0 \u30b7\u30b9\u30c6\u30e0\u306f\u7d44\u7e54\u306e\u30d3\u30b8\u30cd\u30b9 \u30b3\u30f3\u30c6\u30ad\u30b9\u30c8\u3092\u8003\u616e\u3057\u3066\u3044\u306a\u3044\u305f\u3081\u3001\u5358\u72ec\u3067\u4f7f\u7528\u3059\u308b\u3068\u975e\u52b9\u7387\u306a\u30ea\u30bd\u30fc\u30b9\u5272\u308a\u5f53\u3066\u304c\u767a\u751f\u3059\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<p>\u89e3\u6c7a\u7b56\u306f\u3001\u7279\u5b9a\u306e\u30d3\u30b8\u30cd\u30b9\u3078\u306e\u5f71\u97ff\u3068\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8981\u4ef6\u3092\u8003\u616e\u3057\u305f\u3001\u3088\u308a\u5927\u304d\u306a\u30ea\u30b9\u30af\u7ba1\u7406\u30d5\u30ec\u30fc\u30e0\u30ef\u30fc\u30af\u306b CVSS \u30b9\u30b3\u30a2\u3092\u7d44\u307f\u8fbc\u3080\u3053\u3068\u3067\u3059\u3002\u3053\u306e\u3088\u3046\u306b\u3057\u3066\u3001\u4f01\u696d\u306f\u8106\u5f31\u6027\u7ba1\u7406\u306b\u5bfe\u3057\u3066\u30d0\u30e9\u30f3\u30b9\u306e\u53d6\u308c\u305f\u30a2\u30d7\u30ed\u30fc\u30c1\u3092\u69cb\u7bc9\u3067\u304d\u307e\u3059\u3002<\/p>\n<h2>CVSS\u3068\u4ed6\u306e\u6a19\u6e96\u306e\u6bd4\u8f03<\/h2>\n<p>IT \u306e\u8106\u5f31\u6027\u3092\u8a55\u4fa1\u3059\u308b\u30b7\u30b9\u30c6\u30e0\u306f\u4ed6\u306b\u3082\u3042\u308a\u307e\u3059\u304c\u3001CVSS \u306f\u305d\u306e\u5305\u62ec\u7684\u306a\u6027\u8cea\u3001\u30aa\u30fc\u30d7\u30f3\u6027\u3001\u304a\u3088\u3073\u5e83\u304f\u666e\u53ca\u3057\u3066\u3044\u308b\u70b9\u3067\u969b\u7acb\u3063\u3066\u3044\u307e\u3059\u3002\u4ee5\u4e0b\u306b\u7c21\u5358\u306a\u6bd4\u8f03\u3092\u793a\u3057\u307e\u3059\u3002<\/p>\n<table>\n<thead>\n<tr>\n<th><\/th>\n<th>CVSS<\/th>\n<th>OWASP \u30ea\u30b9\u30af\u8a55\u4fa1\u624b\u6cd5<\/th>\n<th>\u6050\u6016<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>\u30aa\u30fc\u30d7\u30f3\u30b9\u30bf\u30f3\u30c0\u30fc\u30c9<\/td>\n<td>\u306f\u3044<\/td>\n<td>\u3044\u3044\u3048<\/td>\n<td>\u3044\u3044\u3048<\/td>\n<\/tr>\n<tr>\n<td>\u30b9\u30b3\u30a2\u7bc4\u56f2<\/td>\n<td>0-10<\/td>\n<td>\u30ea\u30b9\u30af \u30ec\u30d9\u30eb (\u4f4e\u304b\u3089\u91cd\u5927)<\/td>\n<td>0-10<\/td>\n<\/tr>\n<tr>\n<td>\u8981\u56e0<\/td>\n<td>\u6a5f\u5bc6\u6027\u3001\u5b8c\u5168\u6027\u3001\u53ef\u7528\u6027\u3001\u60aa\u7528\u53ef\u80fd\u6027\u3001\u4fee\u5fa9\u3001\u30ec\u30dd\u30fc\u30c8\u306e\u4fe1\u983c\u6027<\/td>\n<td>\u8105\u5a01\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u3001\u8106\u5f31\u6027\u3001\u5f71\u97ff<\/td>\n<td>\u640d\u5bb3\u3001\u518d\u73fe\u6027\u3001\u60aa\u7528\u53ef\u80fd\u6027\u3001\u5f71\u97ff\u3092\u53d7\u3051\u308b\u30e6\u30fc\u30b6\u30fc\u3001\u767a\u898b\u53ef\u80fd\u6027<\/td>\n<\/tr>\n<tr>\n<td>\u6642\u9593\u7684\u304a\u3088\u3073\u74b0\u5883\u7684\u6307\u6a19\u306e\u4f7f\u7528<\/td>\n<td>\u306f\u3044<\/td>\n<td>\u3044\u3044\u3048<\/td>\n<td>\u3044\u3044\u3048<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>CVSS\u306e\u5c06\u6765<\/h2>\n<p>\u30b5\u30a4\u30d0\u30fc\u8105\u5a01\u304c\u9032\u5316\u3057\u7d9a\u3051\u308b\u306b\u3064\u308c\u3066\u3001CVSS \u3082\u9032\u5316\u3057\u307e\u3059\u3002\u30b3\u30df\u30e5\u30cb\u30c6\u30a3\u306f\u3001\u8106\u5f31\u6027\u306e\u91cd\u5927\u5ea6\u3092\u3088\u308a\u9069\u5207\u306b\u53cd\u6620\u3059\u308b\u305f\u3081\u306b\u30b9\u30b3\u30a2\u30ea\u30f3\u30b0 \u30b7\u30b9\u30c6\u30e0\u3092\u6539\u826f\u3059\u308b\u3053\u3068\u306b\u7a4d\u6975\u7684\u306b\u53d6\u308a\u7d44\u3093\u3067\u3044\u307e\u3059\u3002 AI \u3068\u6a5f\u68b0\u5b66\u7fd2\u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u3092\u7d71\u5408\u3057\u3066\u3001CVSS \u30b9\u30b3\u30a2\u30ea\u30f3\u30b0 \u30d7\u30ed\u30bb\u30b9\u3092\u81ea\u52d5\u5316\u3057\u3001\u3088\u308a\u6b63\u78ba\u306b\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n<p>\u3055\u3089\u306b\u3001CVSS \u306e\u5c06\u6765\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u3067\u306f\u3001IoT \u30c7\u30d0\u30a4\u30b9\u3084\u7523\u696d\u7528\u5236\u5fa1\u30b7\u30b9\u30c6\u30e0\u306a\u3069\u3001\u523b\u3005\u3068\u5909\u5316\u3059\u308b\u30b5\u30a4\u30d0\u30fc\u8105\u5a01\u306e\u72b6\u6cc1\u306b\u5bfe\u5fdc\u3059\u308b\u305f\u3081\u306b\u3001\u3088\u308a\u591a\u69d8\u306a\u30e1\u30c8\u30ea\u30af\u30b9\u304c\u7d44\u307f\u8fbc\u307e\u308c\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<h2>\u30d7\u30ed\u30ad\u30b7\u30b5\u30fc\u30d0\u30fc\u3068CVSS<\/h2>\n<p>OneProxy \u306b\u3088\u3063\u3066\u63d0\u4f9b\u3055\u308c\u308b\u30d7\u30ed\u30ad\u30b7 \u30b5\u30fc\u30d0\u30fc\u3068\u540c\u69d8\u3001\u30d7\u30ed\u30ad\u30b7 \u30b5\u30fc\u30d0\u30fc\u306f\u3001\u8106\u5f31\u6027\u306e\u7ba1\u7406\u3068 CVSS \u30b9\u30b3\u30a2\u306e\u5229\u7528\u306b\u304a\u3044\u3066\u91cd\u8981\u306a\u5f79\u5272\u3092\u679c\u305f\u3057\u307e\u3059\u3002\u30d7\u30ed\u30ad\u30b7 \u30b5\u30fc\u30d0\u30fc\u306f\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304b\u3089\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u306e\u4ef2\u4ecb\u8005\u3068\u3057\u3066\u6a5f\u80fd\u3059\u308b\u3053\u3068\u3067\u3001\u60aa\u610f\u306e\u3042\u308b\u30c8\u30e9\u30d5\u30a3\u30c3\u30af\u3092\u30d5\u30a3\u30eb\u30bf\u30ea\u30f3\u30b0\u3057\u3066\u9664\u5916\u3057\u3001\u653b\u6483\u5bfe\u8c61\u9818\u57df\u3068\u6f5c\u5728\u7684\u306a\u8106\u5f31\u6027\u3092\u6e1b\u3089\u3059\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n<p>\u3055\u3089\u306b\u3001\u5805\u7262\u306a\u8106\u5f31\u6027\u7ba1\u7406\u30d7\u30ed\u30bb\u30b9 (CVSS \u3092\u542b\u3080) \u3092\u5099\u3048\u305f\u30d7\u30ed\u30ad\u30b7 \u30b5\u30fc\u30d0\u30fc\u3092\u4f7f\u7528\u3059\u308b\u3068\u3001\u4fdd\u8b77\u3092\u5f37\u5316\u3067\u304d\u307e\u3059\u3002\u30d7\u30ed\u30ad\u30b7 \u30b5\u30fc\u30d0\u30fc\u306f\u30c8\u30e9\u30d5\u30a3\u30c3\u30af\u3092\u30ed\u30b0\u306b\u8a18\u9332\u3059\u308b\u305f\u3081\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u76e3\u67fb\u306b\u8cb4\u91cd\u306a\u30c7\u30fc\u30bf\u3092\u63d0\u4f9b\u3057\u3001\u6f5c\u5728\u7684\u306a\u8106\u5f31\u6027\u306e\u7279\u5b9a\u306b\u5f79\u7acb\u3061\u307e\u3059\u3002<\/p>\n<h2>\u95a2\u9023\u30ea\u30f3\u30af<\/h2>\n<p>CVSS \u306e\u8a73\u7d30\u306b\u3064\u3044\u3066\u306f\u3001\u6b21\u306e\u30ea\u30bd\u30fc\u30b9\u3092\u53c2\u7167\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<ul>\n<li><a href=\"https:\/\/www.first.org\/cvss\/user-guide\" target=\"_new\" rel=\"noopener nofollow\">\u6700\u521d\u306e CVSS \u30ac\u30a4\u30c9<\/a><\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln-metrics\/cvss\/v3.1\/specification-document\" target=\"_new\" rel=\"noopener nofollow\">NVD CVSS v3.1 \u4ed5\u69d8<\/a><\/li>\n<li><a href=\"https:\/\/www.nist.gov\/cyberframework\/online-learning\/cvss\" target=\"_new\" rel=\"noopener nofollow\">NIST \u306e CVSS \u6982\u8981<\/a><\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln-metrics\/cvss\/v3-calculator\" target=\"_new\" rel=\"noopener nofollow\">CVSS \u8a08\u7b97\u6a5f<\/a><\/li>\n<\/ul>\n<p>CVSS \u3092\u7406\u89e3\u3057\u3066\u9069\u7528\u3059\u308b\u3053\u3068\u306f\u3001\u8106\u5f31\u6027\u7ba1\u7406\u3068\u5168\u4f53\u7684\u306a\u30b5\u30a4\u30d0\u30fc\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4f53\u5236\u306e\u6539\u5584\u3092\u76ee\u6307\u3059\u7d44\u7e54\u306b\u3068\u3063\u3066\u4e0d\u53ef\u6b20\u3067\u3059\u3002 CVSS \u3092\u30ea\u30b9\u30af\u8a55\u4fa1\u30d5\u30ec\u30fc\u30e0\u30ef\u30fc\u30af\u306b\u7d71\u5408\u3059\u308b\u3053\u3068\u3067\u3001\u4f01\u696d\u306f\u8106\u5f31\u6027\u306b\u512a\u5148\u9806\u4f4d\u3092\u4ed8\u3051\u3066\u52b9\u679c\u7684\u306b\u5bfe\u5fdc\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002<\/p>","protected":false},"featured_media":476526,"menu_order":0,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"class_list":["post-476525","wiki","type-wiki","status-publish","has-post-thumbnail","hentry"],"acf":{"faq_title":"Frequently Asked Questions about <mark>Understanding CVSS: The Common Vulnerability Scoring System<\/mark>","faq_items":[{"question":"What is the Common Vulnerability Scoring System (CVSS)?","answer":"<p>CVSS is a standardized, open framework for assessing the severity of computer system security vulnerabilities. It provides a way to capture the main characteristics of a vulnerability and produce a numerical score reflecting its severity. The scores range from 0 to 10, with 0 representing no risk and 10 indicating the highest level of severity.<\/p>"},{"question":"Who developed CVSS and when was it first introduced?","answer":"<p>CVSS was initially developed by the Forum of Incident Response and Security Teams (FIRST) under the recommendation of the National Infrastructure Advisory Council (NIAC) in the United States. The first version of CVSS (CVSS v1) was introduced in 2005.<\/p>"},{"question":"What are the three metric groups used in CVSS?","answer":"<p>The three metric groups used in CVSS are Base Metrics, Temporal Metrics, and Environmental Metrics. Base Metrics are constant characteristics of a vulnerability, Temporal Metrics change over time and deal with the current state of the vulnerability, and Environmental Metrics are specific to a user\u2019s environment.<\/p>"},{"question":"What does a CVSS score range signify?","answer":"<p>CVSS scores range from 0 to 10. A score of 0 represents no risk, while a score of 10 indicates the highest level of severity or risk. The scores help organizations prioritize their responses and remediation efforts towards security vulnerabilities.<\/p>"},{"question":"How many versions of CVSS exist?","answer":"<p>There have been three versions of CVSS published so far: CVSS v1 in 2005, CVSS v2 in 2007, and CVSS v3.1 in 2019. Each version has brought refinements and improvements to the system.<\/p>"},{"question":"How does CVSS compare to other vulnerability assessment standards?","answer":"<p>While there are other systems for assessing IT vulnerabilities, CVSS stands out due to its comprehensive nature, openness, and widespread adoption. It uses a numerical scoring system and considers various factors such as confidentiality, integrity, availability, exploitability, remediation, and report confidence. It also uses temporal and environmental metrics, unlike many other standards.<\/p>"},{"question":"How can proxy servers be used with CVSS?","answer":"<p>Proxy servers, like those provided by OneProxy, can play a significant role in managing vulnerabilities and utilizing CVSS scores. They can filter out malicious traffic, reducing the attack surface and potential vulnerabilities. Additionally, they can provide valuable data for security audits and assist in identifying potential vulnerabilities when used as part of a robust vulnerability management process.<\/p>"},{"question":"What is the future perspective of CVSS?","answer":"<p>The future of CVSS includes refining the scoring system to better reflect the severity of vulnerabilities. It might incorporate AI and machine learning technologies to automate the CVSS scoring process. Furthermore, future versions may include more diverse metrics to accommodate new types of cyber threats, such as those involving IoT devices and industrial control systems.<\/p>"}]},"_links":{"self":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/wiki\/476525","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/wiki"}],"about":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/types\/wiki"}],"version-history":[{"count":0,"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/wiki\/476525\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/media\/476526"}],"wp:attachment":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/media?parent=476525"}],"curies":[{"name":"\u3046\u30fc\u3093","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}