Updates from the CVSS SIG
CVE/FIRST VulnCon 2025 · Main Stage
This talk, presented by Nick Leali, a co-chair of the Common Vulnerability Scoring System (CVSS) Special Interest Group (SIG), provides a comprehensive update on the state of CVSS version 4 (v4). Leali details the significant strides made in v4 adoption across the industry, highlighting the contributions of various vendors, the CVE program, and NVD. The presentation also addresses ongoing efforts by the SIG to enhance documentation, provide clearer guidance, and tackle challenges related to the implementation and interpretation of the new standard.
AI review
A competent, well-organized status update on CVSS v4 from someone who clearly has the credentials to deliver it — SIG co-chair, practitioner, hands-on implementer. The talk is honest about adoption friction, surfaces real survey data, and covers the vector-reassessment concept with enough specificity to be useful. It's not research; it's a standards-body briefing, and graded in that lane it does its job adequately. The problem is that it rarely rises above what a careful reader of the CVSS SIG release notes and FAQ already knows. The most technically interesting exchange — the schema…