Qualys has launched a new rating methodology for QualysGuard. It now supports a rating methodology called Common Vulnerability Scoring System (CVSS) that can be used to express the criticality of a discovered vulnerability or threat.

Qualys’s CTO Gerhard Eschelbeck said QualysGuard 4.5 will still use the Qualys proprietary rating system but CVSS is offered as an additional choice to customers to rank vulnerabilities found by scans of their networks.

Eschelbeck said CVSS is an XML-based method for ranking criticalities on a scale of 1 to 10, with 10 being the most critical.

CVSS has been developed with assistance from technical organisations such as Mitre under the stewardship of FIRST. FIRST is the global Forum for Incident Response and Security Teams, a collective for sharing security-related information. FIRST is comprised of the security-response divisions of more than 170 different government, industry and educational institutions, including Bank One, Boeing, AT&T, the Air Force, the Army and Indiana University.