I was recently interviewed by my friend Jack Wallen (whom I've known for 20 years as he actually coerced me to start writing for TechRepublic ages ago!). It was about a topic near and dear to my heart: CVSS (or Common Vulnerability Scoring System). With the explosion of security scanning vendors, particularly around containers, the reliance on and misunderstanding of CVSS has been a thorn in my side.
I don't often blog about challenges at work or in the security industry, but I had considered writing about CVSS and some deficiencies around it (I may yet still do so). When Jack reached out to Red Hat to be interviewed, I jumped at the opportunity because it's an important topic and because I could trust Jack not to twist or sensationalize what I had to say. =)
This is an important topic, irrespective of who is talking about it. There is so much wrong with the way CVSS is being used today.
CVSS Struggles to Remain Viable in the Era of Cloud Native Computing